chore: cherry-pick 3 changes from Release-5-M120 #41015
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
VerteDinde
added
security 🔒
semver/patch
electron-cation
bot
added
new-pr 🌱
* 46cb67e3b296 from v8 * c1cda70a433a from chromium * 78dd4b31847a from v8
VerteDinde
force-pushed
the
cherry-pick/security/26-x-y/release-5-m120
branch
from
a67d1eb
to
b185354
Compare
ppontes
approved these changes
Jan 17, 2024
jkleinsc
approved these changes
Jan 17, 2024
|
Release Notes Persisted
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
electron/security#451 - 46cb67e3b296 from v8
[codegen] Install BytecodeArray last in SharedFunctionInfoMaglev assumes that when a SharedFunctionInfo has a BytecodeArray,
then it should also have FeedbackMetadata. However, this may not
hold with concurrent compilation when the SharedFunctionInfo is
re-compiled after being flushed. Here the BytecodeArray was installed
on the SFI before the FeedbackMetadata and a concurrent thread could
observe the BytecodeArray but not the FeedbackMetadata.
Drive-by: Reset the age field before setting the BytecodeArray as
well. This ensures that the concurrent marker will not observe the
old age for the new BytecodeArray.
Bug: chromium:1507412
Change-Id: I8855ed7ecc50c4a47d2c89043d62ac053858bc75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5125960
Reviewed-by: Leszek Swirski leszeks@chromium.org
Commit-Queue: Dominik Inführ dinfuehr@chromium.org
Cr-Commit-Position: refs/heads/main@{#91568}
electron/security#452 - c1cda70a433a from chromium
Speculative fix for UAF in content::WebContentsImpl::ExitFullscreenModeBug: 1506535, 854815
Change-Id: Iace64d63f8cea2dbfbc761ad233db42451ec101c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5146875
Commit-Queue: John Abd-El-Malek jam@chromium.org
Auto-Submit: Mike Wasserman msw@chromium.org
Reviewed-by: John Abd-El-Malek jam@chromium.org
Cr-Commit-Position: refs/heads/main@{#1240353}
electron/security#450 - 78dd4b31847a from v8
[maglev] Fix allocation folding in derived constructorsBug: v8:7700
Change-Id: Ia33724d39d1397c7d47c36d14071abce6ed4b0fc
Fixed: chromium:1515930
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5173470
Commit-Queue: Patrick Thier pthier@chromium.org
Reviewed-by: Patrick Thier pthier@chromium.org
Commit-Queue: Leszek Swirski leszeks@chromium.org
Auto-Submit: Leszek Swirski leszeks@chromium.org
Cr-Commit-Position: refs/heads/main@{#91709}
Notes: