[wasm] Limit module size in streaming decoder

Limit the allowed module size in the streaming decoder to 256kiB to avoid OOMs on systems that are very memory constained (32-bit ASan builds). Drive-by: Skip linting wasm fuzzer input files, as those are binary files. R=ahaas@chromium.org Bug: chromium:1334577, chromium:1337558 Change-Id: Ie5599088fd25c0bc7c8f9f1a953d31fe61a21844 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3700073Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#81602}

[wasm] Limit module size in streaming decoder
Limit the allowed module size in the streaming decoder to 256kiB to avoid OOMs on systems that are very memory constained (32-bit ASan builds). Drive-by: Skip linting wasm fuzzer input files, as those are binary files. R=ahaas@chromium.org Bug: chromium:1334577, chromium:1337558 Change-Id: Ie5599088fd25c0bc7c8f9f1a953d31fe61a21844 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3700073Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#81602}
5078eea1 · Clemens Backes · V8 LUCI CQ · 562e2186 · 5078eea1 · 5078eea1
Commit 5078eea1 authored Jul 08, 2022 by Clemens Backes Committed by V8 LUCI CQ Jul 08, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 6 deletions

PRESUBMIT.py PRESUBMIT.py +9 -5

wasm-streaming.cc test/fuzzer/wasm-streaming.cc +4 -1

regress-1334577 test/fuzzer/wasm_streaming/regress-1334577 +0 -0

No files found.
--- a/PRESUBMIT.py
+++ b/PRESUBMIT.py
@@ -486,14 +486,18 @@ def _CheckNoexceptAnnotations(input_api, output_api):
  """
  def FilterFile(affected_file):
-    return input_api.FilterSourceFile(
+    files_to_skip = _EXCLUDED_PATHS + (
-        affected_file,
-        files_to_check=(r'src[\\\/].*', r'test[\\\/].*'),
        # Skip api.cc since we cannot easily add the 'noexcept' annotation to
        # public methods.
+        r'src[\\\/]api[\\\/]api\.cc',
        # Skip src/bigint/ because it's meant to be V8-independent.
-        files_to_skip=(r'src[\\\/]api[\\\/]api\.cc',
+        r'src[\\\/]bigint[\\\/].*',
-                       r'src[\\\/]bigint[\\\/].*'))
+    )
+    return input_api.FilterSourceFile(
+        affected_file,
+        files_to_check=(r'src[\\\/].*\.cc', r'src[\\\/].*\.h',
+                        r'test[\\\/].*\.cc', r'test[\\\/].*\.h'),
+        files_to_skip=files_to_skip)
  # matches any class name.
  class_name = r'\b([A-Z][A-Za-z0-9_:]*)(?:::\1)?'

--- a/test/fuzzer/wasm-streaming.cc
+++ b/test/fuzzer/wasm-streaming.cc
@@ -43,7 +43,7 @@ struct CompilationResult {
 class TestResolver : public CompilationResultResolver {
 public:
-  TestResolver(i::Isolate* isolate) : isolate_(isolate) {}
+  explicit TestResolver(i::Isolate* isolate) : isolate_(isolate) {}
  void OnCompilationSucceeded(i::Handle<i::WasmModuleObject> module) override {
    done_ = true;
@@ -159,6 +159,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  // the flag by itself.
  fuzzer::OneTimeEnableStagedWasmFeatures(isolate);
+  // Limit the maximum module size to avoid OOM.
+  FLAG_wasm_max_module_size = 256 * KB;
  WasmFeatures enabled_features = i::wasm::WasmFeatures::FromIsolate(i_isolate);
  base::Vector<const uint8_t> data_vec{data, size - 1};

--- a/test/fuzzer/wasm_streaming/regress-1334577
+++ b/test/fuzzer/wasm_streaming/regress-1334577