[wasm] Crash on out of memory under correctness fuzzer

Bug: chromium:828293 Change-Id: I37002c308738eef1366d82a90b7b29d6e44d6c48 Reviewed-on: https://chromium-review.googlesource.com/996585 Commit-Queue: Eric Holk <eholk@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#52405}

[wasm] Crash on out of memory under correctness fuzzer
Bug: chromium:828293 Change-Id: I37002c308738eef1366d82a90b7b29d6e44d6c48 Reviewed-on: https://chromium-review.googlesource.com/996585 Commit-Queue: Eric Holk <eholk@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#52405}
e90a052e · Eric Holk · Commit Bot · ceaf02d6 · e90a052e
Commit e90a052e authored Apr 05, 2018 by Eric Holk Committed by Commit Bot Apr 05, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 0 deletions

wasm-memory.cc src/wasm/wasm-memory.cc +8 -0

No files found.
--- a/src/wasm/wasm-memory.cc
+++ b/src/wasm/wasm-memory.cc
@@ -43,6 +43,14 @@ void* TryAllocateBackingStore(WasmMemoryTracker* memory_tracker, Heap* heap,
    // After first and second GC: retry.
    if (trial < 2) continue;
    // We are over the address space limit. Fail.
+    //
+    // When running under the correctness fuzzer (i.e.
+    // --abort-on-stack-or-string-length-overflow is preset), we crash instead
+    // so it is not incorrectly reported as a correctness violation. See
+    // https://crbug.com/828293#c4
+    if (FLAG_abort_on_stack_or_string_length_overflow) {
+      FATAL("could not allocate wasm memory");
+    }
    return nullptr;
  }