qt
diff --git a/‎chromium/v8/src/heap/heap.cc
Lines changed: 4 additions & 0 deletions b/‎chromium/v8/src/heap/heap.cc
Lines changed: 4 additions & 0 deletions
diff --git a/‎chromium/v8/src/heap/heap.h
Lines changed: 2 additions & 0 deletions b/‎chromium/v8/src/heap/heap.h
Lines changed: 2 additions & 0 deletions
diff --git a/‎chromium/v8/src/json/json-parser.cc
Lines changed: 5 additions & 0 deletions b/‎chromium/v8/src/json/json-parser.cc
Lines changed: 5 additions & 0 deletions
@@ -2222,6 +2222,10 @@ void Heap::RecomputeLimits(GarbageCollector collector) {
   }
 }
 
+void Heap::EnsureSweepingCompleted() {
+  mark_compact_collector()->EnsureSweepingCompleted();
+}
+
 void Heap::CallGCPrologueCallbacks(GCType gc_type, GCCallbackFlags flags) {
   RuntimeCallTimerScope runtime_timer(
       isolate(), RuntimeCallCounterId::kGCPrologueCallback);
 
@@ -1065,6 +1065,8 @@ class Heap {
       Reservation* reservations, const std::vector<HeapObject>& large_objects,
       const std::vector<Address>& maps);
 
+  void EnsureSweepingCompleted();
+
   IncrementalMarking* incremental_marking() {
     return incremental_marking_.get();
   }
 
@@ -633,6 +633,11 @@ Handle<Object> JsonParser<Char>::BuildJsonObject(
         DCHECK_EQ(mutable_double_address, end);
       }
 #endif
+      // Before setting the length of mutable_double_buffer back to zero, we
+      // must ensure that the sweeper is not running or has already swept the
+      // object's page. Otherwise the GC can add the contents of
+      // mutable_double_buffer to the free list.
+      isolate()->heap()->EnsureSweepingCompleted();
       mutable_double_buffer->set_length(0);
     }
   }
Original file line number	Diff line number	Diff line change
`@@ -2222,6 +2222,10 @@ void Heap::RecomputeLimits(GarbageCollector collector) {`
`2222`	`2222`	`}`
`2223`	`2223`	`}`
`2224`	`2224`
	`2225`	`+void Heap::EnsureSweepingCompleted() {`
	`2226`	`+ mark_compact_collector()->EnsureSweepingCompleted();`
	`2227`	`+}`
	`2228`	`+`
`2225`	`2229`	`void Heap::CallGCPrologueCallbacks(GCType gc_type, GCCallbackFlags flags) {`
`2226`	`2230`	`RuntimeCallTimerScope runtime_timer(`
`2227`	`2231`	`isolate(), RuntimeCallCounterId::kGCPrologueCallback);`
Original file line number	Diff line number	Diff line change
`@@ -1065,6 +1065,8 @@ class Heap {`
`1065`	`1065`	`Reservation* reservations, const std::vector<HeapObject>& large_objects,`
`1066`	`1066`	`const std::vector<Address>& maps);`
`1067`	`1067`
	`1068`	`+ void EnsureSweepingCompleted();`
	`1069`	`+`
`1068`	`1070`	`IncrementalMarking* incremental_marking() {`
`1069`	`1071`	`return incremental_marking_.get();`
`1070`	`1072`	`}`
Original file line number	Diff line number	Diff line change
`@@ -633,6 +633,11 @@ Handle<Object> JsonParser<Char>::BuildJsonObject(`
`633`	`633`	`DCHECK_EQ(mutable_double_address, end);`
`634`	`634`	`}`
`635`	`635`	`#endif`
	`636`	`+ // Before setting the length of mutable_double_buffer back to zero, we`
	`637`	`+ // must ensure that the sweeper is not running or has already swept the`
	`638`	`+ // object's page. Otherwise the GC can add the contents of`
	`639`	`+ // mutable_double_buffer to the free list.`
	`640`	`+ isolate()->heap()->EnsureSweepingCompleted();`
`636`	`641`	`mutable_double_buffer->set_length(0);`
`637`	`642`	`}`
`638`	`643`	`}`