[wasm] Fix a bug when accessing array buffer contents during Exceptions

The data of an ArrayBuffer lives at backing_store(), not at allocation_base(), which is just used as the pointer to free when the buffer is unreachable. Change-Id: Id6157ec4cf5b42631461327b3e6078fe25d20c57 Reviewed-on: https://chromium-review.googlesource.com/1143189Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#54551}

[wasm] Fix a bug when accessing array buffer contents during Exceptions
The data of an ArrayBuffer lives at backing_store(), not at allocation_base(), which is just used as the pointer to free when the buffer is unreachable. Change-Id: Id6157ec4cf5b42631461327b3e6078fe25d20c57 Reviewed-on: https://chromium-review.googlesource.com/1143189Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#54551}
9abcfd4c · Peter Marshall · Commit Bot · 1bd48322 · 9abcfd4c
Commit 9abcfd4c authored Jul 19, 2018 by Peter Marshall Committed by Commit Bot Jul 19, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

runtime-wasm.cc src/runtime/runtime-wasm.cc +1 -1

No files found.
--- a/src/runtime/runtime-wasm.cc
+++ b/src/runtime/runtime-wasm.cc
@@ -195,7 +195,7 @@ RUNTIME_FUNCTION(Runtime_WasmExceptionGetElement) {
        CONVERT_SMI_ARG_CHECKED(index, 0);
        CHECK_LT(index, Smi::ToInt(values->length()));
        auto* vals =
-            reinterpret_cast<uint16_t*>(values->GetBuffer()->allocation_base());
+            reinterpret_cast<uint16_t*>(values->GetBuffer()->backing_store());
        return Smi::FromInt(vals[index]);
      }
    }