Skip to content

Commit

Permalink
deps: V8: cherry-pick e0a109c
Browse files Browse the repository at this point in the history
Original commit message:

    [api] Implement StartupData::CanBeRehashed() for the snapshot blob

    This enables the embedder to check if the snapshot generated
    from SnapshotCreator::CreateBlob() can be rehashed and the seed
    can be recomputed during deserialization.

    The lack of this functionality resulted in a temporary vunerability
    in Node.js: nodejs#27365

    Change-Id: I88d52337217c40f79c26438be3c87d2db874d980
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578661
    Commit-Queue: Joyee Cheung <joyee@igalia.com>
    Reviewed-by: Yang Guo <yangguo@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#61175}

Refs: v8/v8@e0a109c
  • Loading branch information
joyeecheung committed Jun 5, 2019
1 parent 2c76874 commit 2702abb
Show file tree
Hide file tree
Showing 6 changed files with 20 additions and 3 deletions.
2 changes: 1 addition & 1 deletion common.gypi
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@

# Reset this number to 0 on major V8 upgrades.
# Increment by one for each non-official patch applied to deps/v8.
'v8_embedder_string': '-node.13',
'v8_embedder_string': '-node.14',

##### V8 defaults for Node.js #####

Expand Down
7 changes: 7 additions & 0 deletions deps/v8/include/v8.h
Original file line number Diff line number Diff line change
Expand Up @@ -8609,6 +8609,13 @@ class V8_EXPORT Isolate {

class V8_EXPORT StartupData {
public:
/**
* Whether the data created can be rehashed and and the hash seed can be
* recomputed when deserialized.
* Only valid for StartupData returned by SnapshotCreator::CreateBlob().
*/
bool CanBeRehashed() const;

const char* data;
int raw_size;
};
Expand Down
5 changes: 5 additions & 0 deletions deps/v8/src/api.cc
Original file line number Diff line number Diff line change
Expand Up @@ -887,6 +887,11 @@ StartupData SnapshotCreator::CreateBlob(
return result;
}

bool StartupData::CanBeRehashed() const {
DCHECK(i::Snapshot::VerifyChecksum(this));
return i::Snapshot::ExtractRehashability(this);
}

void V8::SetDcheckErrorHandler(DcheckErrorCallback that) {
v8::base::SetDcheckFunction(that);
}
Expand Down
4 changes: 3 additions & 1 deletion deps/v8/src/snapshot/snapshot-common.cc
Original file line number Diff line number Diff line change
Expand Up @@ -229,7 +229,9 @@ uint32_t Snapshot::ExtractContextOffset(const v8::StartupData* data,

bool Snapshot::ExtractRehashability(const v8::StartupData* data) {
CHECK_LT(kRehashabilityOffset, static_cast<uint32_t>(data->raw_size));
return GetHeaderValue(data, kRehashabilityOffset) != 0;
uint32_t rehashability = GetHeaderValue(data, kRehashabilityOffset);
CHECK_IMPLIES(rehashability != 0, rehashability == 1);
return rehashability != 0;
}

namespace {
Expand Down
3 changes: 2 additions & 1 deletion deps/v8/src/snapshot/snapshot.h
Original file line number Diff line number Diff line change
Expand Up @@ -87,11 +87,12 @@ class Snapshot : public AllStatic {
static bool SnapshotIsValid(const v8::StartupData* snapshot_blob);
#endif // DEBUG

static bool ExtractRehashability(const v8::StartupData* data);

private:
static uint32_t ExtractNumContexts(const v8::StartupData* data);
static uint32_t ExtractContextOffset(const v8::StartupData* data,
uint32_t index);
static bool ExtractRehashability(const v8::StartupData* data);
static Vector<const byte> ExtractStartupData(const v8::StartupData* data);
static Vector<const byte> ExtractReadOnlyData(const v8::StartupData* data);
static Vector<const byte> ExtractContextData(const v8::StartupData* data,
Expand Down
2 changes: 2 additions & 0 deletions deps/v8/test/cctest/test-serialize.cc
Original file line number Diff line number Diff line change
Expand Up @@ -3774,6 +3774,7 @@ UNINITIALIZED_TEST(ReinitializeHashSeedRehashable) {
}
blob =
creator.CreateBlob(v8::SnapshotCreator::FunctionCodeHandling::kClear);
CHECK(!blob.CanBeRehashed());
}

i::FLAG_hash_seed = 1337;
Expand Down Expand Up @@ -3842,6 +3843,7 @@ UNINITIALIZED_TEST(WeakArraySerializationInSnapshot) {
}
blob =
creator.CreateBlob(v8::SnapshotCreator::FunctionCodeHandling::kClear);
CHECK(blob.CanBeRehashed());
}

v8::Isolate::CreateParams create_params;
Expand Down

0 comments on commit 2702abb

Please sign in to comment.