Fix alloc/dealloc size mismatch for v8::BackingStore

ulan · Commit Bot · commit 9a49b2298f65 · 2020-11-02T11:57:30.000Z
On newer compilers the {operator delete} with explicit {size_t} argument would be instantiated for {v8::BackingStore} and used in the destructor of {std::unique_ptr<v8::BackingStore>}. The {size_t} argument is wrong though, since the pointer actually points to a {v8::internal::BackingStore} object. The solution is to explicitly provide a {operator delete}, preventing an implicitly generated {size_t} operator. Bug:v8:11081 Change-Id: Iee0aa47a67f0e41000bea628942f7e3d70198b83 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2506712 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#70916}
diff --git a/include/v8.h b/include/v8.h
@@ -5078,6 +5078,13 @@ class V8_EXPORT BackingStore : public v8::internal::BackingStoreBase {
    */
   bool IsShared() const;
 
+  /**
+   * Prevent implicit instantiation of operator delete with size_t argument.
+   * The size_t argument would be incorrect because ptr points to the
+   * internal BackingStore object.
+   */
+  void operator delete(void* ptr) { ::operator delete(ptr); }
+
   /**
    * Wrapper around ArrayBuffer::Allocator::Reallocate that preserves IsShared.
    * Assumes that the backing_store was allocated by the ArrayBuffer allocator
