-
tzik authored
This CL fixes a CFI check failure on the Oilpan incremental marking. The initialization of ContextLifecycleObserver is done as: 1. Allocate sufficient memory for the instance 2. Call GCM constructor 3. Update the vptr to point LifecycleObserver's vtable 4. Call the body of LifecycleObserver constructor. 5. Update the vptr to point ContextLifecycleObserver's vtable 6. Call the body of ContextLifecycleObserver constructor. In the step 4, the constructor calls SetContext, which casts the instance from LO to CLO and stores it to LifecycleNotifier, and that causes Trace() or GetTraceDescriptor() call on CLO, rather than LO. Note that the instance is ready as an LO instance, but not ready as an CLO instance at the moment. While a virtual method of CLO is being dispatched, CFI checks if the vtable of the receiver is for CLO or its subclass, but that was not true as the vptr points LO's vtable until the step 5. After this CL, LO::Trace() or LO:GetTraceDescriptor() will be called in SetContext(), rather than CLO::Trace() or CLO::GetTraceDescriptor(), that should be ready to call before the step 5. Bug: 854639 Change-Id: Ib27f147099ccb416d5f357fccd401d003de2dcaa Reviewed-on: https://chromium-review.googlesource.com/1122140 Commit-Queue: Taiju Tsuiki <tzik@chromium.org> Reviewed-by:
Kentaro Hara <haraken@chromium.org> Reviewed-by:
Keishi Hattori <keishi@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#572103}
9170750f
