[wasm] The interpreter should not grow memory beyond module->mem_max_pages.

R=titzer@chromium.org
BUG=chromium:679352
TEST=cctest/test-run-wasm-interpreter/GrowMemory

Review-Url: https://codereview.chromium.org/2627943002
Cr-Commit-Position: refs/heads/master@{#42240}

src/wasm/wasm-interpreter.cc

@@ -664,7 +664,8 @@ static inline int32_t ExecuteGrowMemory(uint32_t delta_pages,
                                         WasmInstance* instance) {
   // TODO(ahaas): Move memory allocation to wasm-module.cc for better
   // encapsulation.
-  if (delta_pages > wasm::kV8MaxWasmMemoryPages) {
+  if (delta_pages > wasm::kV8MaxWasmMemoryPages ||
+      delta_pages > instance->module->max_mem_pages) {
     return -1;
   }
   uint32_t old_size = instance->mem_size;
@@ -680,7 +681,9 @@ static inline int32_t ExecuteGrowMemory(uint32_t delta_pages,
   } else {
     DCHECK_NOT_NULL(instance->mem_start);
     new_size = old_size + delta_pages * wasm::WasmModule::kPageSize;
-    if (new_size > wasm::kV8MaxWasmMemoryPages * wasm::WasmModule::kPageSize) {
+    if (new_size / wasm::WasmModule::kPageSize > wasm::kV8MaxWasmMemoryPages ||
+        new_size / wasm::WasmModule::kPageSize >
+            instance->module->max_mem_pages) {
       return -1;
     }
     new_mem_start = static_cast<byte*>(realloc(instance->mem_start, new_size));

test/cctest/wasm/test-run-wasm-interpreter.cc

@@ -297,10 +297,20 @@ TEST(Breakpoint_I32And_disable) {
 }
 
 TEST(GrowMemory) {
-  WasmRunner<int32_t, uint32_t> r(kExecuteInterpreted);
-  r.module().AddMemory(WasmModule::kPageSize);
-  BUILD(r, WASM_GROW_MEMORY(WASM_GET_LOCAL(0)));
-  CHECK_EQ(1, r.Call(1));
+  {
+    WasmRunner<int32_t, uint32_t> r(kExecuteInterpreted);
+    r.module().AddMemory(WasmModule::kPageSize);
+    r.module().SetMaxMemPages(10);
+    BUILD(r, WASM_GROW_MEMORY(WASM_GET_LOCAL(0)));
+    CHECK_EQ(1, r.Call(1));
+  }
+  {
+    WasmRunner<int32_t, uint32_t> r(kExecuteInterpreted);
+    r.module().AddMemory(WasmModule::kPageSize);
+    r.module().SetMaxMemPages(10);
+    BUILD(r, WASM_GROW_MEMORY(WASM_GET_LOCAL(0)));
+    CHECK_EQ(-1, r.Call(11));
+  }
 }
 
 TEST(GrowMemoryPreservesData) {

test/cctest/wasm/wasm-run-utils.h

@@ -181,6 +181,10 @@ class TestingModule : public ModuleEnv {
     rng.NextBytes(raw, end - raw);
   }
 
+  void SetMaxMemPages(uint32_t max_mem_pages) {
+    module_.max_mem_pages = max_mem_pages;
+  }
+
   uint32_t AddFunction(FunctionSig* sig, Handle<Code> code, const char* name) {
     if (module->functions.size() == 0) {
       // TODO(titzer): Reserving space here to avoid the underlying WasmFunction