Hello, I found a crash case that occurs if NewArray in GetSpareOrNewBlock returns a contiguous address. If consecutive calls to HandleScope::Extend result in the first call's limit being exactly equal to the second call's block_start, then during HandleScope::DeleteExtensions, it will incorrectly judge that it is in a SealedHandleScope, leading to subsequent out-of-bounds access.
--
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev
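The ambiguity the report describes can be reproduced in a small stand-alone model. This is an added example, not V8 source and not code from the poster; `Model`, `Contains`, `kBlockSize` and `ReleasedOnClose` are hypothetical names, and the model assumes the block-containment test is inclusive at both ends, which the message does not show.

```cpp
// Simplified model of the block bookkeeping described in the post.
// Not V8 source: all names and the inclusive range test are assumptions.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

constexpr std::size_t kBlockSize = 4;  // slots per block (constructed value)

struct Model {
  std::vector<std::uintptr_t*> blocks;  // start address of every live block

  // Assumed check: prev_limit "belongs" to a block if it lies in
  // [block_start, block_limit], both ends inclusive.
  static bool Contains(std::uintptr_t* start, std::uintptr_t* prev_limit) {
    auto s = reinterpret_cast<std::uintptr_t>(start);
    auto p = reinterpret_cast<std::uintptr_t>(prev_limit);
    return s <= p && p <= s + kBlockSize * sizeof(std::uintptr_t);
  }

  // Pops blocks from the back until one appears to contain prev_limit.
  // Returns how many blocks were released.
  std::size_t DeleteExtensions(std::uintptr_t* prev_limit) {
    std::size_t released = 0;
    while (!blocks.empty() && !Contains(blocks.back(), prev_limit)) {
      blocks.pop_back();
      ++released;
    }
    return released;
  }
};

// A scope opened in block A is extended into block B; on close, prev_limit
// is A's limit. The correct outcome is that exactly one block (B) is released.
std::size_t ReleasedOnClose(bool contiguous) {
  static std::uintptr_t arena[3 * kBlockSize];  // constructed backing store
  std::uintptr_t* a = arena;
  std::uintptr_t* b = contiguous ? arena + kBlockSize : arena + 2 * kBlockSize;
  Model m;
  m.blocks = {a, b};
  return m.DeleteExtensions(a + kBlockSize);
}

int main() {
  std::printf("gap between blocks: released %zu\n", ReleasedOnClose(false));
  std::printf("contiguous blocks:  released %zu\n", ReleasedOnClose(true));
}
```

When B starts exactly at A's limit, the same address satisfies the containment test for both blocks, so the loop stops at B and the bookkeeping no longer matches the scope that is being closed.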