• Andreas Haas's avatar
    [wasm] Fix insufficient bounds check in WebAssembly.get · e162eb44
    Andreas Haas authored
    According to the wasm js-spec, the table index can be uint32. The
    implementation in our implementation expected an int though. We did not
    check for the int overflow.
    
    I replaced the throwing of the exception in WasmTableObject::Get to use
    the ErrorThrower instead of throwing the exception with Isolate::Throw
    directly. The reason is that I see with other CL's that I have to throw
    several errors, and I don't want to introduce a new message and
    MessageId for every error. Moreover, the ErrorThrower is a standard way
    in wasm to throw errors. It feels right to throw the error the same way
    here.
    
    R=mstarzinger@chromium.org
    
    Bug: chromium:940296
    Change-Id: Idb77c813506fe66a3192b66fe0e8e807b80580ab
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514496
    Commit-Queue: Andreas Haas <ahaas@chromium.org>
    Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#60181}
    e162eb44
wasm-js.cc 71.9 KB