Ensure free-standing wasm tables are rooted in importing instances
Issue description
Refer to patch#1 here: https://chromium-review.googlesource.com/c/v8/v8/+/828157/1
,
Dec 20 2017
,
Dec 20 2017
Tightened access. The issue is a security one - invalid memory accesses.
,
Dec 20 2017
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/f9c9616e622cb712841b1151483fe8d7ff844100

commit f9c9616e622cb712841b1151483fe8d7ff844100
Author: Mircea Trofin <mtrofin@chromium.org>
Date: Wed Dec 20 19:17:12 2017

[wasm] Ensure free-standing tables are rooted.

Bug: chromium:796584
Change-Id: Ib6a62d616d36344f35cad0b0a177f8f07c7fd2ac
Reviewed-on: https://chromium-review.googlesource.com/836849
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50244}

[modify] https://crrev.com/f9c9616e622cb712841b1151483fe8d7ff844100/src/wasm/module-compiler.cc
[modify] https://crrev.com/f9c9616e622cb712841b1151483fe8d7ff844100/src/wasm/wasm-objects-inl.h
[modify] https://crrev.com/f9c9616e622cb712841b1151483fe8d7ff844100/src/wasm/wasm-objects.h
[modify] https://crrev.com/f9c9616e622cb712841b1151483fe8d7ff844100/test/mjsunit/wasm/indirect-tables.js
,
Dec 21 2017
,
Dec 22 2017
,
Jan 4 2018
,
Jan 4 2018
This bug requires manual review: M64 has already been promoted to the beta branch, so this requires manual review.
Please contact the milestone owner if you have questions.
Owners: cmasso@(Android), cmasso@(iOS), kbleicher@(ChromeOS), abdulsyed@(Desktop)
For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jan 4 2018
Please add affected OSs.
,
Jan 4 2018
,
Jan 4 2018
,
Jan 5 2018
,
Jan 5 2018
,
Jan 5 2018
Please merge the approved cl(s) to M64 release branch 3282 as soon as possible.
,
Jan 9 2018
+Brad for the merge.
,
Jan 9 2018
Please merge this today
,
Jan 10 2018
This one needs a rebase in order to merge it.
,
Jan 12 2018
titzer@ please take care of this
,
Jan 15 2018
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/62dce33fd852c79062111906cf09f1cfecfe1c6e

commit 62dce33fd852c79062111906cf09f1cfecfe1c6e
Author: Ben L. Titzer <titzer@google.com>
Date: Mon Jan 15 18:21:34 2018

Merged: [wasm] Ensure free-standing tables are rooted.

Revision: f9c9616e622cb712841b1151483fe8d7ff844100

BUG= chromium:796584
LOG=N
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=mlippautz@chromium.org

Change-Id: I5e4a4a4fb6bea1821558d8a8d8baa88ca08f26f7
Reviewed-on: https://chromium-review.googlesource.com/867373
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/branch-heads/6.4@{#55}
Cr-Branched-From: 0407506af3d9d7e2718be1d8759296165b218fcf-refs/heads/6.4.388@{#1}
Cr-Branched-From: a5fc4e085ee543cb608eb11034bc8f147ba388e1-refs/heads/master@{#49724}

[modify] https://crrev.com/62dce33fd852c79062111906cf09f1cfecfe1c6e/src/wasm/module-compiler.cc
[modify] https://crrev.com/62dce33fd852c79062111906cf09f1cfecfe1c6e/src/wasm/wasm-objects-inl.h
[modify] https://crrev.com/62dce33fd852c79062111906cf09f1cfecfe1c6e/src/wasm/wasm-objects.h
[modify] https://crrev.com/62dce33fd852c79062111906cf09f1cfecfe1c6e/test/mjsunit/wasm/indirect-tables.js
,
Jan 16 2018
,
Mar 30 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions.
For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mtrofin@chromium.org
, Dec 20 2017