Commit f6d5504f authored by Ben L. Titzer's avatar Ben L. Titzer Committed by Commit Bot

[wasm] Fix patching of table sizes.

BUG=chromium:752423
R=mtrofin@chromium.org,bradnelson@chromium.org

Change-Id: Ie6d80a82cd40b598e917a79842e6639e73be9194
Reviewed-on: https://chromium-review.googlesource.com/606587Reviewed-by: 's avatarMircea Trofin <mtrofin@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47251}
parent 7f58863d
...@@ -341,11 +341,7 @@ void RelocInfo::update_wasm_function_table_size_reference( ...@@ -341,11 +341,7 @@ void RelocInfo::update_wasm_function_table_size_reference(
Isolate* isolate, uint32_t old_size, uint32_t new_size, Isolate* isolate, uint32_t old_size, uint32_t new_size,
ICacheFlushMode icache_flush_mode) { ICacheFlushMode icache_flush_mode) {
DCHECK(IsWasmFunctionTableSizeReference(rmode_)); DCHECK(IsWasmFunctionTableSizeReference(rmode_));
uint32_t current_size_reference = wasm_function_table_size_reference(); unchecked_update_wasm_size(isolate, new_size, icache_flush_mode);
uint32_t updated_size_reference =
new_size + (current_size_reference - old_size);
unchecked_update_wasm_size(isolate, updated_size_reference,
icache_flush_mode);
} }
void RelocInfo::set_target_address(Isolate* isolate, Address target, void RelocInfo::set_target_address(Isolate* isolate, Address target,
......
// Copyright 2017 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --expose-wasm
'use strict';
load("test/mjsunit/wasm/wasm-constants.js");
load("test/mjsunit/wasm/wasm-module-builder.js");
var builder = new WasmModuleBuilder();
builder.addImportedTable("x", "table", 1, 10000000);
builder.addFunction("main", kSig_i_i)
.addBody([
kExprI32Const, 0,
kExprGetLocal, 0,
kExprCallIndirect, 0, kTableZero])
.exportAs("main");
let module = new WebAssembly.Module(builder.toBuffer());
let table = new WebAssembly.Table({element: "anyfunc",
initial: 1, maximum:1000000});
let instance = new WebAssembly.Instance(module, {x: {table:table}});
table.grow(0x40001);
let instance2 = new WebAssembly.Instance(module, {x: {table:table}});
try {
instance2.exports.main(402982); // should be OOB
} catch (e) {
print("Correctly caught: ", e);
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment