• [ubsan] Fix various ClusterFuzz-found issues · 91f0cd00
    Jakob Kummerow authored
    Fixing a few float and int overflows.
    Drive-by fix: with --experimental-wasm-bigint, Number values
    may not be used to initialize i64-typed globals. The existing
    code for doing that relied on UB; since it's a spec violation
    the fix is to throw instead.
    
    No regression test for 933103 because it will OOM anyway.
    No regression test for 932896 because it would be extremely slow.
    
    Bug: chromium:927894, chromium:927996, chromium:930086, chromium:932679, chromium:932896, chromium:933103, chromium:933134
    Change-Id: Iae1c1ff1038af4512a52d3e56b8c4b75f2233314
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1495911
    Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
    Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
    Reviewed-by: Adam Klein <adamk@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#60075}
Name
baseline
OWNERS
compilation-environment.h
decoder.h
function-body-decoder-impl.h
function-body-decoder.cc
function-body-decoder.h
function-compiler.cc
function-compiler.h
graph-builder-interface.cc
graph-builder-interface.h
js-to-wasm-wrapper-cache-inl.h
jump-table-assembler.cc
jump-table-assembler.h
leb-helper.h
local-decl-encoder.cc
local-decl-encoder.h
memory-tracing.cc
memory-tracing.h
module-compiler.cc
module-compiler.h
module-decoder.cc
module-decoder.h
module-instantiate.cc
module-instantiate.h
object-access.h
signature-map.cc
signature-map.h
streaming-decoder.cc
streaming-decoder.h
value-type.h
wasm-code-manager.cc
wasm-code-manager.h
wasm-constants.h
wasm-debug.cc
wasm-engine.cc
wasm-engine.h
wasm-external-refs.cc
wasm-external-refs.h
wasm-feature-flags.h
wasm-features.cc
wasm-features.h
wasm-import-wrapper-cache-inl.h
wasm-interpreter.cc
wasm-interpreter.h
wasm-js.cc
wasm-js.h
wasm-limits.h
wasm-linkage.h
wasm-memory.cc
wasm-memory.h
wasm-module-builder.cc
wasm-module-builder.h
wasm-module.cc
wasm-module.h
wasm-objects-inl.h
wasm-objects.cc
wasm-objects.h
wasm-opcodes.cc
wasm-opcodes.h
wasm-result.cc
wasm-result.h
wasm-serialization.cc
wasm-serialization.h
wasm-text.cc
wasm-text.h
wasm-tier.h
wasm-value.h