Commit bce455a3 authored by Clemens Backes's avatar Clemens Backes Committed by Commit Bot

[wasm][serialization] Skip redundant information

Writing out the number of functions in the module is unnecessary. That
number is only used for validation when reading the value back, and
validating just that number is fairly arbitrary: it does not protect
against bugs or attacks. Hence skip these two header fields.

R=thibaudm@chromium.org

Bug: v8:11164
Change-Id: I083075e2c8959f99690fd1478d0950a25eb7311f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2644946
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: 's avatarThibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72326}
parent 698508e1
......@@ -186,10 +186,7 @@ uint32_t GetWasmCalleeTag(RelocInfo* rinfo) {
#endif
}
constexpr size_t kHeaderSize =
sizeof(uint32_t) + // total wasm function count
sizeof(uint32_t) + // imported functions (index of first wasm function)
sizeof(size_t); // total code size
constexpr size_t kHeaderSize = sizeof(size_t); // total code size
constexpr size_t kCodeHeaderSize = sizeof(bool) + // whether code is present
sizeof(int) + // offset of constant pool
......@@ -327,8 +324,6 @@ void NativeModuleSerializer::WriteHeader(Writer* writer,
// TODO(eholk): We need to properly preserve the flag whether the trap
// handler was used or not when serializing.
writer->Write(native_module_->num_functions());
writer->Write(native_module_->num_imported_functions());
writer->Write(total_code_size);
}
......@@ -527,7 +522,7 @@ class V8_EXPORT_PRIVATE NativeModuleDeserializer {
friend class CopyAndRelocTask;
friend class PublishTask;
bool ReadHeader(Reader* reader);
void ReadHeader(Reader* reader);
DeserializationUnit ReadCode(int fn_index, Reader* reader);
void CopyAndRelocate(const DeserializationUnit& unit);
void Publish(std::vector<DeserializationUnit> batch);
......@@ -616,7 +611,7 @@ bool NativeModuleDeserializer::Read(Reader* reader) {
read_called_ = true;
#endif
if (!ReadHeader(reader)) return false;
ReadHeader(reader);
uint32_t total_fns = native_module_->num_functions();
uint32_t first_wasm_fn = native_module_->num_imported_functions();
......@@ -668,12 +663,8 @@ bool NativeModuleDeserializer::Read(Reader* reader) {
return reader->current_size() == 0;
}
bool NativeModuleDeserializer::ReadHeader(Reader* reader) {
uint32_t functions = reader->Read<uint32_t>();
uint32_t imports = reader->Read<uint32_t>();
void NativeModuleDeserializer::ReadHeader(Reader* reader) {
remaining_code_size_ = reader->Read<size_t>();
return functions == native_module_->num_functions() &&
imports == native_module_->num_imported_functions();
}
DeserializationUnit NativeModuleDeserializer::ReadCode(int fn_index,
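Review bot: With the return type changed to `void`, `ReadHeader` now accepts whatever `size_t` the stream supplies for `remaining_code_size_` and has no way to reject it, and its only visible caller (the `ReadHeader(reader);` line in `Read`, in the earlier hunk) no longer branches on a result. A bound that is not arbitrary is the number of bytes actually left in the reader: keep the `bool` return and write `remaining_code_size_ = reader->Read<size_t>(); return remaining_code_size_ <= reader->current_size();`, with `if (!ReadHeader(reader)) return false;` retained in `Read`. I cannot see whether `ReadCode` already bounds each unit against the reader, so this may be redundant; if it is, a one-line comment on `ReadHeader` stating that the header size is re-checked per unit would document why the value is trusted here. Both `Read` and `ReadCode` extend beyond this hunk.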
......@@ -61,14 +61,6 @@ class WasmSerializationTest {
memset(const_cast<uint8_t*>(wire_bytes_.data()), 0, wire_bytes_.size() / 2);
}
void InvalidateNumFunctions() {
Address num_functions_slot =
reinterpret_cast<Address>(serialized_bytes_.data()) +
WasmSerializer::kHeaderSize;
CHECK_EQ(1, base::ReadUnalignedValue<uint32_t>(num_functions_slot));
base::WriteUnalignedValue<uint32_t>(num_functions_slot, 0);
}
MaybeHandle<WasmModuleObject> Deserialize(
Vector<const char> source_url = {}) {
return DeserializeNativeModule(CcTest::i_isolate(),
......@@ -239,16 +231,6 @@ TEST(DeserializeNoSerializedData) {
test.CollectGarbage();
}
TEST(DeserializeInvalidNumFunctions) {
WasmSerializationTest test;
{
HandleScope scope(CcTest::i_isolate());
test.InvalidateNumFunctions();
CHECK(test.Deserialize().is_null());
}
test.CollectGarbage();
}
TEST(DeserializeWireBytesAndSerializedDataInvalid) {
WasmSerializationTest test;
{