•   [ubsan] Fix various ClusterFuzz-found issues · 91f0cd00
    Jakob Kummerow authored
    Fixing a few float and int overflows.
    Drive-by fix: with --experimental-wasm-bigint, Number values
    may not be used to initialize i64-typed globals. The existing
    code for doing that relied on UB; since it's a spec violation
    the fix is to throw instead.
    
    No regression test for 933103 because it will OOM anyway.
    No regression test for 932896 because it would be extremely slow.
    
    Bug: chromium:927894, chromium:927996, chromium:930086, chromium:932679, chromium:932896, chromium:933103, chromium:933134
    Change-Id: Iae1c1ff1038af4512a52d3e56b8c4b75f2233314
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1495911
    Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
    Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
    Reviewed-by: Adam Klein <adamk@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#60075}
Name
arm
arm64
ia32
mips
mips64
ppc
s390
x64
arguments.tq
array-copywithin.tq
array-every.tq
array-filter.tq
array-find.tq
array-findindex.tq
array-foreach.tq
array-join.tq
array-lastindexof.tq
array-map.tq
array-of.tq
array-reduce-right.tq
array-reduce.tq
array-reverse.tq
array-slice.tq
array-some.tq
array-splice.tq
array-unshift.tq
array.tq
base.tq
builtins-api.cc
builtins-arguments-gen.cc
builtins-arguments-gen.h
builtins-array-gen.cc
builtins-array-gen.h
builtins-array.cc
builtins-arraybuffer.cc
builtins-async-function-gen.cc
builtins-async-gen.cc
builtins-async-gen.h
builtins-async-generator-gen.cc
builtins-async-iterator-gen.cc
builtins-bigint-gen.cc
builtins-bigint.cc
builtins-boolean-gen.cc
builtins-boolean.cc
builtins-call-gen.cc
builtins-call-gen.h
builtins-call.cc
builtins-callsite.cc
builtins-collections-gen.cc
builtins-collections-gen.h
builtins-collections.cc
builtins-console-gen.cc
builtins-console.cc
builtins-constructor-gen.cc
builtins-constructor-gen.h
builtins-constructor.h
builtins-conversion-gen.cc
builtins-data-view-gen.h
builtins-dataview.cc
builtins-date-gen.cc
builtins-date.cc
builtins-debug-gen.cc
builtins-definitions.h
builtins-descriptors.h
builtins-error.cc
builtins-extras-utils.cc
builtins-function-gen.cc
builtins-function.cc
builtins-generator-gen.cc
builtins-global-gen.cc
builtins-global.cc
builtins-handler-gen.cc
builtins-ic-gen.cc
builtins-internal-gen.cc
builtins-internal.cc
builtins-interpreter-gen.cc
builtins-intl-gen.cc
builtins-intl.cc
builtins-iterator-gen.cc
builtins-iterator-gen.h
builtins-json.cc
builtins-lazy-gen.cc
builtins-lazy-gen.h
builtins-math-gen.cc
builtins-math-gen.h
builtins-math.cc
builtins-microtask-queue-gen.cc
builtins-number-gen.cc
builtins-number.cc
builtins-object-gen.cc
builtins-object-gen.h
builtins-object.cc
builtins-promise-gen.cc
builtins-promise-gen.h
builtins-promise.cc
builtins-promise.h
builtins-proxy-gen.cc
builtins-proxy-gen.h
builtins-reflect-gen.cc
builtins-reflect.cc
builtins-regexp-gen.cc
builtins-regexp-gen.h
builtins-regexp.cc
builtins-sharedarraybuffer-gen.cc
builtins-sharedarraybuffer.cc
builtins-string-gen.cc
builtins-string-gen.h
builtins-string.cc
builtins-symbol-gen.cc
builtins-symbol.cc
builtins-trace.cc
builtins-typed-array-gen.cc
builtins-typed-array-gen.h
builtins-typed-array.cc
builtins-utils-gen.h
builtins-utils-inl.h
builtins-utils.h
builtins-wasm-gen.cc
builtins-weak-refs.cc
builtins.cc
builtins.h
collections.tq
constants-table-builder.cc
constants-table-builder.h
data-view.tq
extras-utils.tq
frames.tq
generate-bytecodes-builtins-list.cc
growable-fixed-array-gen.cc
growable-fixed-array-gen.h
growable-fixed-array.tq
iterator.tq
object-fromentries.tq
setup-builtins-internal.cc
string-endswith.tq
string-startswith.tq
typed-array-createtypedarray.tq
typed-array-filter.tq
typed-array-foreach.tq
typed-array-reduce.tq
typed-array-reduceright.tq
typed-array-slice.tq
typed-array-subarray.tq
typed-array.tq