Commit 6d7ed2e8 authored by Jakob Kummerow's avatar Jakob Kummerow Committed by V8 LUCI CQ

[wasm] 32-bit platforms: lower kV8MaxWasmMemoryPages by 1

This makes sure that Wasm memories don't exceed the maximum JSArrayBuffer size.
This change shouldn't affect real-world modules, because finding
enough contiguous address space to allocate that much memory is
virtually impossible anyway.

Fixed: chromium:1242339
Change-Id: I68873796b9afb798cb1a64e5e1acc495cf509159
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3328783
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: 's avatarThibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78336}
parent 2e96d321
......@@ -292,7 +292,7 @@ transitioning macro ConstructByArrayBuffer(implicit context: Context)(
// in the step 12 branch.
newByteLength = bufferByteLength - offset;
newLength = elementsInfo.CalculateLength(newByteLength)
otherwise IfInvalidOffset;
otherwise IfInvalidLength;
// 12. Else,
} else {
......
......@@ -91,6 +91,7 @@ void JSArrayBuffer::Attach(std::shared_ptr<BackingStore> backing_store) {
// invariant that their byte_length field is always 0.
set_byte_length(0);
} else {
CHECK_LE(backing_store->byte_length(), kMaxByteLength);
set_byte_length(backing_store->byte_length());
}
set_max_byte_length(backing_store->max_byte_length());
......
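Review bot: The added `CHECK_LE(backing_store->byte_length(), kMaxByteLength);` bounds only `byte_length`, while the unconditional `set_max_byte_length(backing_store->max_byte_length());` on the last visible line stores a second size that is never compared with `kMaxByteLength`. If a backing store can report a `max_byte_length` above its current `byte_length` (the separate setter suggests so, though the hunk does not show where the value comes from), the same oversize buffer this commit guards against could still enter through that field, including on the branch that zeroes `byte_length`. Consider adding `CHECK_LE(backing_store->max_byte_length(), kMaxByteLength);` directly before the `set_max_byte_length` call so both fields are covered on both branches. `JSArrayBuffer::Attach` begins before and continues after this hunk.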
......@@ -1649,6 +1649,9 @@ WasmCodeManager* GetWasmCodeManager() {
// {max_mem_pages} is declared in wasm-limits.h.
uint32_t max_mem_pages() {
static_assert(
kV8MaxWasmMemoryPages * kWasmPageSize <= JSArrayBuffer::kMaxByteLength,
"Wasm memories must not be bigger than JSArrayBuffers");
STATIC_ASSERT(kV8MaxWasmMemoryPages <= kMaxUInt32);
return std::min(uint32_t{kV8MaxWasmMemoryPages}, FLAG_wasm_max_mem_pages);
}
......
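Review bot: The new `static_assert(...)` sits two lines above the existing `STATIC_ASSERT(kV8MaxWasmMemoryPages <= kMaxUInt32);`, so `max_mem_pages` now mixes the raw keyword and the project macro for two adjacent compile-time checks; use one form for both, for example by changing the existing line to `static_assert(kV8MaxWasmMemoryPages <= kMaxUInt32, "max pages must fit in uint32_t");`. The check also ties the limit to `JSArrayBuffer::kMaxByteLength` only here, away from the constant it constrains, so a short comment such as `// Keep in sync with kV8MaxWasmMemoryPages in wasm-limits.h; this is the TU that sees JSArrayBuffer.` would tell a reader why it lives in this function rather than beside the definition. The `std::min` against `FLAG_wasm_max_mem_pages` means the flag can only lower the returned bound, so the static check is sufficient for the runtime value.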
......@@ -40,7 +40,7 @@ constexpr size_t kV8MaxWasmDataSegments = 100000;
// Also, do not use this limit to validate declared memory, use
// kSpecMaxMemoryPages for that.
constexpr size_t kV8MaxWasmMemoryPages = kSystemPointerSize == 4
? 32768 // = 2 GiB
? 32767 // = 2 GiB
: 65536; // = 4 GiB
constexpr size_t kV8MaxWasmStringSize = 100000;
constexpr size_t kV8MaxWasmModuleSize = 1024 * 1024 * 1024; // = 1 GiB
......
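Review bot: The changed line lowers the 32-bit value to `32767` but keeps the trailing comment `// = 2 GiB`, which now overstates the limit: if `kWasmPageSize` is the 64 KiB Wasm page, 32767 pages is one page short of 2 GiB, and the whole point of the change (per the commit message) is to stay strictly under the JSArrayBuffer maximum. Update the comment to say so, e.g. `? 32767 // = 2 GiB - 1 page, must stay <= JSArrayBuffer::kMaxByteLength`, so the next person does not "fix" it back to the round number. The 64-bit branch keeps `65536 // = 4 GiB` unchanged, which matches the title's 32-bit-only scope.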