Wouldn't it be possible to set it per partition? All of these allocations
currently come from the ArrayBuffer partition.
https://source.chromium.org/chromium/chromium/src/+/master:third_party/blink/renderer/platform/wtf/allocator/partitions.cc;l=52;drc=ee4cff87f02e46e1fbbdaef0aa123e05761b35e8;bpv=1;bpt=1?originalUrl=https:%2F%2Fcs.chromium.org%2F

dave.

On Mon, Mar 23, 2020 at 4:26 PM Chris Palmer <pal...@chromium.org> wrote:

> On Mon, Mar 23, 2020 at 12:59 PM Jeremy Roman <jbro...@chromium.org>
> wrote:
>
>>> I'm on the fence about Partition Alloc's 2 GiB limit. We (Chrome Platform
>>> Security) have been lifting memory limits right and left as requirements
>>> dictate, and this may be another case of that. We had hoped to use the
>>> limits as a form of exploit mitigation/bug detection; for example, a single
>>> allocation > 2 GiB was deemed more likely to be the result of int32_t
>>> integer overflow (or exploit in progress) than a serious request for that
>>> much memory. But perhaps that is no longer true, in a modern JavaScript
>>> landscape.
>>>
>>
>> Couldn't this be preserved with an allocation flag that permits large
>> allocations or similar, if you feel that this was a valuable protection?
>>
>
> Would it be possible to not set the flag in some renderer processes? Or
> would we end up needing to enable it essentially everywhere?
>

-- 
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev
--- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/v8-dev/CAHgVhZX17PBvFFZrPiXAyphBn1FsC4yDMXO2eOHoO7O5c8Btrw%40mail.gmail.com.