From fcb9145e291e8cb82164bc1fe3db1c1dae219b55 Mon Sep 17 00:00:00 2001
From: Myles Borins
Date: Thu, 2 Jun 2016 18:11:28 +0200
Subject: [PATCH] deps: backport 3a9bfec from v8 upstream
Some of the logic from `zone.cc` is found in `zone-inl.h` in this release stream.
Original commit message:
Fix overflow issue in Zone::New
When requesting a large allocation near the end of the address space, the computation could overflow and erroneously *not* grow the Zone as required.
BUG=chromium:606115
LOG=y
Review-Url: https://codereview.chromium.org/1930873002
Cr-Commit-Position: refs/heads/master@{#35903}
PR-URL: https://github.com/nodejs/node-private/pull/43
Reviewed-By: Ben Noordhuis
Reviewed-By: Rod Vagg
---
 deps/v8/src/zone-inl.h | 5 ++++-
 deps/v8/src/zone.cc | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/deps/v8/src/zone-inl.h b/deps/v8/src/zone-inl.h
index e312b20899d12d..076556e1462fb8 100644
--- a/deps/v8/src/zone-inl.h
+++ b/deps/v8/src/zone-inl.h
@@ -55,7 +55,10 @@ inline void* Zone::New(int size) {
 // Check if the requested size is available without expanding.
 Address result = position_;
- if (size > limit_ - position_) {
+ const uintptr_t limit = reinterpret_cast(limit_);
+ const uintptr_t position = reinterpret_cast(position_);
+ // position_ > limit_ can be true after the alignment correction above.
+ if (limit < position || size > limit - position) {
 result = NewExpand(size);
 } else {
 position_ += size;
diff --git a/deps/v8/src/zone.cc b/deps/v8/src/zone.cc
index 51b8113a0d912e..5db12be3e33ad1 100644
--- a/deps/v8/src/zone.cc
+++ b/deps/v8/src/zone.cc
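Review bot: In the new guard `size > limit - position`, `size` is a signed `int` (see the hunk's `Zone::New(int size)` context) while `limit - position` is `uintptr_t`, so the comparison converts `size` to unsigned; a negative `size` would become a very large value and be routed into `NewExpand` rather than being caught, and `-Wsign-compare` will flag the line. Making the precondition and the conversion explicit keeps the intent visible: `ASSERT(size >= 0);` followed by `if (limit < position || static_cast<uintptr_t>(size) > limit - position) {`. The same signed/unsigned mix appears in the `ASSERT` added to `Zone::NewExpand` in zone.cc. As rendered here `reinterpret_cast(limit_)` shows no template argument; presumably `<uintptr_t>` was stripped by the page, since the result is stored in a `const uintptr_t`. `Zone::New` begins before this hunk, so the alignment correction the new comment refers to is not visible.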
@@ -168,7 +168,10 @@ Address Zone::NewExpand(int size) {
 // Make sure the requested size is already properly aligned and that
 // there isn't enough room in the Zone to satisfy the request.
 ASSERT(size == RoundDown(size, kAlignment));
- ASSERT(size > limit_ - position_);
+ ASSERT(limit_ < position_ ||
+ reinterpret_cast(limit_) -
+ reinterpret_cast(position_) <
+ size);
 // Compute the new segment size. We use a 'high water mark'
 // strategy, where we increase the segment size every time we expand
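Review bot: The added `ASSERT` in `Zone::NewExpand` relies on operator precedence to read as `limit_ < position_ || ((limit - position) < size)` across four lines, and it duplicates the guard the zone-inl.h hunk adds to `Zone::New`, so the two are easy to let drift apart. Parenthesising the subtraction, e.g. `(reinterpret_cast<uintptr_t>(limit_) - reinterpret_cast<uintptr_t>(position_)) < static_cast<uintptr_t>(size)`, makes the grouping explicit and the comparison's signedness deliberate, since `size` is an `int`. A small private `Zone` helper that answers whether `size` fits between `position_` and `limit_`, called from both `New` and this assertion, would keep the inline check and the debug check in step. The cast's template argument is not visible in this rendering and is presumably `<uintptr_t>`. `Zone::NewExpand` continues past the end of this hunk.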