-
Deepti Gandluri authored
Some state related to WasmMemories is cached on the JSArrayBuffer object (is_growable, is_wasm_memory). The problem with this is in some PostMessage flows, this information can get lost depending on how JSArrayBuffers are deserialized. In this particular case when the WasmMemory is postMessaged, it goes through the Blink DedicatedWorkerMessagingProxy::PostMessageToWorkerGlobalScope flow, which reconstructs the ArrayBuffer from the backing store, and size, and loses the is_growable flag, leading to a failure to grow memory. Moving the is_growable flag so that AllocationData can be the source of truth for all wasm memory state, and is consistently preserved across PostMessage. Change-Id: I775f66ddeff68b8cafc18b75ca5460dfb0343c8b Bug: v8:9065 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1549789 Commit-Queue: Deepti Gandluri <gdeepti@chromium.org> Reviewed-by:
Ben Titzer <titzer@chromium.org> Reviewed-by:
Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#60641}
b0077b3b
