Commit 73d60721 authored by Ben L. Titzer's avatar Ben L. Titzer Committed by Commit Bot

[asm.js] Enforce maximum number of parameters for asm.js.

R=bradnelson@chromium.org

Bug: chromium:810973
Change-Id: I818c17ef03b27df72976048b1873fc3f3a368900
Reviewed-on: https://chromium-review.googlesource.com/914330
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51252}
parent f6155f8b
......@@ -745,6 +745,12 @@ void AsmJsParser::ValidateFunction() {
CachedVector<AsmType*> params(cached_asm_type_p_vectors_);
ValidateFunctionParams(&params);
// Check against limit on number of parameters.
if (params.size() >= kV8MaxWasmFunctionParams) {
FAIL("Number of parameters exceeds internal limit");
}
CachedVector<ValueType> locals(cached_valuetype_vectors_);
ValidateFunctionLocals(params.size(), &locals);
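Review bot: The new guard compares with `params.size() >= kV8MaxWasmFunctionParams`, so a function with exactly the limit's number of parameters is rejected even though the message says the count "exceeds" the limit. The constant's definition is not visible here; if it is an inclusive maximum, the condition should read `if (params.size() > kV8MaxWasmFunctionParams) {`. If the stricter bound is intended, a short comment on that line saying why the limit value itself is refused would keep it from being read as an off-by-one. The check also runs only after `ValidateFunctionParams(&params)` has collected every parameter, so it bounds what reaches the later stages, not the parsing work itself. ValidateFunction starts and continues outside this hunk.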
......
// Copyright 2018 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
this.WScript = new Proxy({}, {
get() {
switch (name) {
}
}
});
function MjsUnitAssertionError() {
};
let __v_692 = `(function module() { "use asm";function foo(`;
const __v_693 =
3695;
for (let __v_695 = 0; __v_695 < __v_693; ++__v_695) {
__v_692 += `arg${__v_695},`;
}
try {
__v_692 += `arg${__v_693}){`;
} catch (e) {}
for (let __v_696 = 0; __v_696 <= __v_693; ++__v_696) {
__v_692 += `arg${__v_696}=+arg${__v_696};`;
}
__v_692 += "return 10;}function bar(){return foo(";
for (let __v_697 = 0; __v_697 < __v_693; ++__v_697) {
__v_692 += "0.0,";
}
__v_692 += "1.0)|0;}";
__v_692 += "return bar})()()";
const __v_694 = eval(__v_692);
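Review bot: The test stops at `const __v_694 = eval(__v_692);` and never inspects the result, so it only demonstrates that the oversized module no longer crashes. The generated `foo` returns 10 and `bar` returns `foo(...)|0`, so a check such as `if (__v_694 !== 10) throw new Error("unexpected result");` would also pin the behaviour after the module is rejected as asm.js (presumably a fallback to ordinary JavaScript). The parameter count 3695 sits far from the boundary; a second case at the limit itself would cover the comparison added in the parser. The fuzzer leftovers carry no meaning and could be dropped: the `WScript` proxy whose `get()` switches on an undeclared `name`, the empty `MjsUnitAssertionError`, and the `try`/`catch` around a string append.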