    [wasm] Fix grow-memory on exported memory · 8ee06838
    Enrico Bacis authored
    The WASM spec maximum memory size is higher than internal V8 maximum object
    size. When a memory object grows above this limit (and only in that case), we
    should signal an error.
    
    This worked for not-exported memory; however when growing exported memory, the
    code was comparing the V8 memory limit with the maximum number of pages defined
    in the module, instead of the current number of pages + the number of new
    required pages. This led to signaling errors even when growing exported memory
    below the V8 limit if the maximum number of pages specified in the module was
    higher than the V8 limit.
    
    GrowMemoryBuffer already checks that we do not grow a memory buffer past the
    maximum size specified as parameter, so we can pass it the minimum between the
    V8 limit and the maximum number of pages specified in the module.
    
    This CL introduces a test in test/mjsunit/wasm/import-memory.js that triggers
    the problematic path and a patch to fix it.
    
    R=ahaas@chromium.org,clemensh@chromium.org,gdeepti@chromium.org
    
    Change-Id: I5a8da420418b394d61e1ba3cdf4408c3c09e61b6
    Reviewed-on: https://chromium-review.googlesource.com/600217
    Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
    Reviewed-by: Andreas Haas <ahaas@chromium.org>
    Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
    Commit-Queue: Enrico Bacis <enricobacis@google.com>
    Cr-Commit-Position: refs/heads/master@{#47395}
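The scenario the commit message describes, as an added example that is not part of the commit or of V8's own import-memory.js test: a module whose memory declares the spec maximum (65536 pages) exports that memory, and growing it by a small delta from JS and from inside wasm must succeed, while growing past the module maximum must still fail on both paths. The module bytes are hand-assembled and constructed here for the example.

```javascript
const PAGE_SIZE = 65536;
const SPEC_MAX_PAGES = 65536; // spec maximum: 65536 pages of 64 KiB

// Constructed module:  (memory (export "mem") 1 65536)
//                      (func (export "grow") (param i32) (result i32) local.get 0 memory.grow)
const MODULE_BYTES = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,  // magic + version
  0x01, 0x06, 0x01, 0x60, 0x01, 0x7f, 0x01, 0x7f,  // type 0: (i32) -> i32
  0x03, 0x02, 0x01, 0x00,                          // func 0 uses type 0
  0x05, 0x06, 0x01, 0x01, 0x01, 0x80, 0x80, 0x04,  // memory: min 1, max 65536 (LEB128)
  0x07, 0x0e, 0x02,                                // export section, 2 entries
  0x03, 0x6d, 0x65, 0x6d, 0x02, 0x00,              //   "mem"  -> memory 0
  0x04, 0x67, 0x72, 0x6f, 0x77, 0x00, 0x00,        //   "grow" -> func 0
  0x0a, 0x08, 0x01, 0x06, 0x00,                    // code section, 1 body, 0 locals
  0x20, 0x00, 0x40, 0x00, 0x0b,                    //   local.get 0; memory.grow; end
]);

function instantiate() {
  return new WebAssembly.Instance(new WebAssembly.Module(MODULE_BYTES)).exports;
}

function pagesOf(mem) {
  return mem.buffer.byteLength / PAGE_SIZE;
}

// Grow the exported memory by `delta` pages: once via the JS API, once via memory.grow.
function growExportedMemory(delta) {
  const { mem, grow } = instantiate();
  const pagesBefore = pagesOf(mem);
  const fromJs = mem.grow(delta);   // previous page count; throws RangeError on failure
  const fromWasm = grow(delta);     // previous page count, or -1 on failure
  return { pagesBefore, fromJs, fromWasm, pagesAfter: pagesOf(mem) };
}

// Exceeding the module maximum (1 + 65536 > 65536) must still be rejected on both paths.
function growPastMaximum() {
  const { mem, grow } = instantiate();
  const fromWasm = grow(SPEC_MAX_PAGES);
  let jsError = null;
  try { mem.grow(SPEC_MAX_PAGES); } catch (e) { jsError = e; }
  return { fromWasm, jsThrowsRangeError: jsError instanceof RangeError, pagesAfter: pagesOf(mem) };
}

console.log(growExportedMemory(1), growPastMaximum());
```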
wasm-objects.cc 56.2 KB