test/fuzzer/wasm-compile.cc · cef8c1f32daad0666bca562f5b14222f8a758a91 · Linshizhi / V8

[wasm][fuzzer] Avoid huge arrays in the fuzzer · cef8c1f3

Thibaud Michaud authored Nov 02, 2021

Apply a "modulo" (i32.rem_s) operator to the array size before
allocating the array. The unbounded array allocations frequently lead to
out-of-memory crashes in the fuzzer.

R=manoskouk@chromium.org

Bug: chromium:1238063, chromium:1258319
Change-Id: Ie344f783323294c711d75b6e004ff2dca4da5923
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256548
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77657}

cef8c1f3

wasm-compile.cc 91.3 KB

Replace wasm-compile.cc