buffer: always allocate typed arrays outside heap

trevnorris · Fishrock123 · commit 4b4cfa2d44da · 2015-09-16T11:41:00.000-04:00
By default v8 allocates typed arrays <= 64 bytes inside the v8 heap. In these cases the memory pointer returned by Buffer::Data() can change while the memory is being operated on. Resolve by passing a flag that forces all typed arrays outside the v8 heap. Fixes: 74178a5 "buffer: construct Uint8Array in JS" PR-URL: #2893 Reviewed-By: Fedor Indutny <fedor@indutny.com>
diff --git a/src/node.cc b/src/node.cc
@@ -3685,6 +3685,12 @@ void Init(int* argc,
     V8::SetFlagsFromString(expose_debug_as, sizeof(expose_debug_as) - 1);
   }
 
+  // Unconditionally force typed arrays to allocate outside the v8 heap. This
+  // is to prevent memory pointers from being moved around that are returned by
+  // Buffer::Data().
+  const char no_typed_array_heap[] = "--typed_array_max_size_in_heap=0";
+  V8::SetFlagsFromString(no_typed_array_heap, sizeof(no_typed_array_heap) - 1);
+
   if (!use_debug_agent) {
     RegisterDebugSignalHandler();
   }

Original file line number	Diff line number	Diff line change
`@@ -3685,6 +3685,12 @@ void Init(int* argc,`
`3685`	`3685`	`V8::SetFlagsFromString(expose_debug_as, sizeof(expose_debug_as) - 1);`
`3686`	`3686`	`}`
`3687`	`3687`
	`3688`	`+ // Unconditionally force typed arrays to allocate outside the v8 heap. This`
	`3689`	`+ // is to prevent memory pointers from being moved around that are returned by`
	`3690`	`+ // Buffer::Data().`
	`3691`	`+ const char no_typed_array_heap[] = "--typed_array_max_size_in_heap=0";`
	`3692`	`+ V8::SetFlagsFromString(no_typed_array_heap, sizeof(no_typed_array_heap) - 1);`
	`3693`	`+`
`3688`	`3694`	`if (!use_debug_agent) {`
`3689`	`3695`	`RegisterDebugSignalHandler();`
`3690`	`3696`	`}`