Oilpan plugin doesn't seem to warn about global raw pointers to GC objects

Issue description

A previous iteration of https://chromium-review.googlesource.com/c/chromium/src/+/1299537 landed and was reverted for causing crashes. The crashes are likely because a global variable of type LocalFrame* was added; since it's not a Persistent/WeakPersistent, Oilpan doesn't know about it. If the LocalFrame object is swept, then we have a UaF.

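Added illustration of the failure mode in the issue description (not Chromium or Oilpan code, and not written by the reporter): a toy mark-and-sweep heap in which a raw global pointer is not a root, while a handle that registers its own slot is. `Frame`, `ToyHeap`, `ToyPersistent` and `g_raw_frame` are hypothetical names used only for this sketch.

```cpp
#include <list>
#include <set>
#include <vector>

// Toy stand-ins (hypothetical names, not Blink classes): a GC object and its heap.
struct Frame { int id; bool marked; };
class ToyHeap {
 public:
  Frame* Allocate() {
    objects_.push_back(Frame{next_id_++, false});
    return &objects_.back();
  }
  void AddRoot(Frame** slot) { roots_.insert(slot); }
  void RemoveRoot(Frame** slot) { roots_.erase(slot); }
  // Marks only what registered root slots point at, sweeps the rest, returns swept ids.
  std::vector<int> Collect() {
    for (Frame** slot : roots_) if (*slot) (*slot)->marked = true;
    std::vector<int> swept;
    for (auto it = objects_.begin(); it != objects_.end();) {
      if (it->marked) { it->marked = false; ++it; }
      else { swept.push_back(it->id); it = objects_.erase(it); }
    }
    return swept;
  }
 private:
  std::list<Frame> objects_;  // std::list keeps element addresses stable
  std::set<Frame**> roots_;
  int next_id_ = 1;
};

// Toy analogue of a Persistent handle: it registers its own slot as a GC root.
struct ToyPersistent {
  ToyPersistent(ToyHeap& h, Frame* f) : heap(h), ptr(f) { heap.AddRoot(&ptr); }
  ~ToyPersistent() { heap.RemoveRoot(&ptr); }
  ToyHeap& heap; Frame* ptr;
};

Frame* g_raw_frame = nullptr;  // raw global: the collector never sees this slot
// True when GC frees the raw global's target while the rooted frame survives.
bool RawGlobalDanglesAfterGc() {
  ToyHeap heap;
  g_raw_frame = heap.Allocate();
  const int raw_id = g_raw_frame->id;
  ToyPersistent rooted(heap, heap.Allocate());
  const std::vector<int> swept = heap.Collect();
  g_raw_frame = nullptr;  // it dangled here; dereferencing it would be the UaF
  return swept == std::vector<int>{raw_id} && rooted.ptr->id == raw_id + 1;
}
int main() { return RawGlobalDanglesAfterGc() ? 0 : 1; }
```
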
Comment 1 by mlippautz@chromium.org, Jan 16 (6 days ago)