Enrico Bacis authored
The WASM spec maximum memory size is higher than internal V8 maximum object size. When a memory object grows above this limit (and only in that case), we should signal an error.

This worked for not-exported memory; however when growing exported memory, the code was comparing the V8 memory limit with the maximum number of pages defined in the module, instead of the current number of pages + the number of new required pages.

This led to signaling errors even when growing exported memory below the V8 limit if the maximum number of pages specified in the module was higher than the V8 limit.

GrowMemoryBuffer already checks that we do not grow a memory buffer past the maximum size specified as parameter, so we can pass it the minimum between the V8 limit and the maximum number of pages specified in the module.

This CL introduces a test in test/mjsunit/wasm/import-memory.js that triggers the problematic path and a patch to fix it.

R=ahaas@chromium.org,clemensh@chromium.org,gdeepti@chromium.org

Change-Id: I5a8da420418b394d61e1ba3cdf4408c3c09e61b6
Reviewed-on: https://chromium-review.googlesource.com/600217
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Enrico Bacis <enricobacis@google.com>
Cr-Commit-Position: refs/heads/master@{#47395}
8ee06838
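
The check described in the commit message, modelled as an added example (this is not V8's code and not part of the commit). The `Memory` struct, the function names and the value of `kEngineMaxPages` are assumptions made for illustration; only the shape of the two checks follows the message.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>

// Constructed stand-in for the engine's internal cap (not V8's real value).
constexpr uint32_t kEngineMaxPages = 16384;

struct Memory {
  uint32_t current_pages;
  uint32_t module_max_pages;  // maximum declared by the module
};

// Hypothetical stand-in for the buffer-growing helper: refuses to grow
// past max_pages. Returns the previous page count, or -1 on failure.
int64_t GrowBuffer(Memory& m, uint32_t delta, uint32_t max_pages) {
  uint64_t wanted = uint64_t{m.current_pages} + delta;  // 64-bit sum, no wraparound
  if (wanted > max_pages) return -1;
  uint32_t old_pages = m.current_pages;
  m.current_pages = static_cast<uint32_t>(wanted);
  return old_pages;
}

// Behaviour the message describes as the bug: the declared maximum, not
// current + delta, is compared against the engine cap.
int64_t GrowExportedBuggy(Memory& m, uint32_t delta) {
  if (m.module_max_pages > kEngineMaxPages) return -1;
  return GrowBuffer(m, delta, m.module_max_pages);
}

// Behaviour the message describes as the fix: let the helper enforce
// min(engine cap, declared maximum) against current + delta.
int64_t GrowExportedFixed(Memory& m, uint32_t delta) {
  return GrowBuffer(m, delta, std::min(kEngineMaxPages, m.module_max_pages));
}

int main() {
  // Module declares the wasm32 maximum of 65536 pages, above the cap.
  Memory a{1, 65536}, b{1, 65536};
  std::printf("buggy, 1 -> 2 pages: %lld\n",
              static_cast<long long>(GrowExportedBuggy(a, 1)));
  std::printf("fixed, 1 -> 2 pages: %lld\n",
              static_cast<long long>(GrowExportedFixed(b, 1)));
  std::printf("fixed, past the cap: %lld\n",
              static_cast<long long>(GrowExportedFixed(b, kEngineMaxPages)));
  return 0;
}
```

The buggy variant rejects a one-page grow that stays far below the cap, while the fixed variant accepts it and still rejects a request whose resulting size would exceed the cap.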