src/wasm/baseline · a71e5f9a7b3c968fd961683e305ff1cc9314754c · Linshizhi / V8

[wasm] Avoid integer overflow on function locals check · a71e5f9a

Clemens Hammacher authored Mar 08, 2018

On 32-bit systems, the computation {count + type_list->size()} can
overflow, leading to memory corruption later on.

R=titzer@chromium.org

Bug: chromium:819869
Change-Id: Ic81d201e58211e3989b4e945cd52e98dc951fbda
Reviewed-on: https://chromium-review.googlesource.com/955025
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51817}

a71e5f9a

Name	Last commit	Last update
..
arm		Loading commit data...
arm64		Loading commit data...
ia32		Loading commit data...
mips		Loading commit data...
mips64		Loading commit data...
ppc		Loading commit data...
s390		Loading commit data...
x64		Loading commit data...
DEPS		Loading commit data...
liftoff-assembler-defs.h		Loading commit data...
liftoff-assembler.cc		Loading commit data...
liftoff-assembler.h		Loading commit data...
liftoff-compiler.cc		Loading commit data...
liftoff-register.h		Loading commit data...