• Michael Starzinger's avatar
    [wasm] Fix bogus uses of {WasmGraphBuilder::Buffer}. · 47f3a53f
    Michael Starzinger authored
    With exception handling enabled new call paths open up, which will
    perform environment merging while a "call" or "call_indirect" is
    currently being emitted. This will lead to double-use of the buffer
    returned by calls to {Buffer} or {Realloc}. In general we should
    transition away from this optimization to safer constructs such as
    {base::SmallVector} to avoid such bugs.
    
    R=clemensb@chromium.org
    TEST=mjsunit/regress/regress-9832
    BUG=v8:9832
    
    Change-Id: I4c862ac1bc7dc34ad62279c82f6414153e8cbddb
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1856006
    Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
    Reviewed-by: 's avatarClemens Backes <clemensb@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#64271}
    47f3a53f
wasm-compiler.cc 291 KB