heap: Avoid reporting back memory changes during Scavenge

Blink must not report back memory changes during Scavenge (==
non-tracing GC) as those could trigger (or finalize) full garbage
collections. GC while GC is not supported and we have to delay the
reporting in those scenarios.

Bug: 1014078
Change-Id: I24ecbfa93639b67f54bbfd103c7b7753ef9e52aa
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1859973
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#705611}

third_party/blink/renderer/platform/heap/unified_heap_controller.cc

@@ -177,6 +177,10 @@ void UnifiedHeapController::ResetHandleInNonTracingGC(
       class_id != WrapperTypeInfo::kObjectClassId)
     return;
 
+  // Clearing the wrapper below adjusts the DOM wrapper store which may
+  // re-allocate its backing. We have to avoid report memory to V8 as that may
+  // trigger GC during GC.
+  ThreadState::GCForbiddenScope gc_forbidden(thread_state());
   const v8::TracedReference<v8::Object>& traced = handle.As<v8::Object>();
   bool success = DOMWrapperWorld::UnsetSpecificWrapperIfSet(
       ToScriptWrappable(traced), traced);