Commit b29993f4 authored by Ben Smith's avatar Ben Smith Committed by Commit Bot

[wasm] Fix DCHECK with empty passive data segment

When getting the starting address of a data segment, you can't use
`&vector[offset]` if offset is equal to the length of the vector. This
can happen when the length of the segment is 0.

The fix is to use Vector::SubVector instead.

Bug: v8:9106
Change-Id: Icf8968cc246c6d217d8061f76fb2631c2292433c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1560405
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60755}
parent a6bdcacd
......@@ -1606,9 +1606,11 @@ void WasmInstanceObject::InitDataSegmentArrays(
instance->dropped_data_segments()[i] = segment.active ? 1 : 0;
// Initialize the pointer and size of passive segments.
auto source_bytes = wire_bytes.SubVector(segment.source.offset(),
segment.source.end_offset());
instance->data_segment_starts()[i] =
reinterpret_cast<Address>(&wire_bytes[segment.source.offset()]);
instance->data_segment_sizes()[i] = segment.source.length();
reinterpret_cast<Address>(source_bytes.start());
instance->data_segment_sizes()[i] = source_bytes.length();
}
}
......
......@@ -357,6 +357,7 @@
'regress/regress-crbug-816961': [SKIP],
'regress/wasm/*': [SKIP],
'regress/regress-8947': [SKIP],
'regress/regress-v8-9106': [SKIP],
'wasm/*': [SKIP],
# Other tests that use asm / wasm / optimized code.
......
// Copyright 2019 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --experimental-wasm-bulk-memory
// Make sure DCHECK doesn't fire when passive data segment is at the end of the
// module.
let bytes = new Uint8Array([
0, 97, 115, 109, 1, 0, 0, 0, 1, 132, 128, 128, 128, 0, 1,
96, 0, 0, 3, 133, 128, 128, 128, 0, 4, 0, 0, 0, 0, 5,
131, 128, 128, 128, 0, 1, 0, 1, 7, 187, 128, 128, 128, 0, 4,
12, 100, 114, 111, 112, 95, 112, 97, 115, 115, 105, 118, 101, 0, 0,
12, 105, 110, 105, 116, 95, 112, 97, 115, 115, 105, 118, 101, 0, 1,
11, 100, 114, 111, 112, 95, 97, 99, 116, 105, 118, 101, 0, 2, 11,
105, 110, 105, 116, 95, 97, 99, 116, 105, 118, 101, 0, 3, 12, 129,
128, 128, 128, 0, 2, 10, 183, 128, 128, 128, 0, 4, 133, 128, 128,
128, 0, 0, 252, 9, 0, 11, 140, 128, 128, 128, 0, 0, 65, 0,
65, 0, 65, 0, 252, 8, 0, 0, 11, 133, 128, 128, 128, 0, 0,
252, 9, 1, 11, 140, 128, 128, 128, 0, 0, 65, 0, 65, 0, 65,
0, 252, 8, 1, 0, 11, 11, 136, 128, 128, 128, 0, 2, 1, 0,
0, 65, 0, 11, 0
]);
new WebAssembly.Instance(new WebAssembly.Module(bytes));
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment