Eric Holk authored
Although Wasm memory indices are all unsigned, they sometimes get assembled as 32-bit signed immediates. Values in the top half of the Wasm memory space will then get sign extended, causing Wasm to access in front of its memory buffer. Usually this region is not mapped anyway, so faults still happen as they are supposed to. This change protects this region with guard pages so we are guaranteed to always fault when this happens.

Bug: v8:5277
Change-Id: Id791fbe2a5ac1b1d75460e65c72b5b9db2a47ee7
Reviewed-on: https://chromium-review.googlesource.com/484747
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44905}
d7cdea6f
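The failure mode and the mitigation described in the commit message, as an added example for Linux/POSIX (not V8's code): an index with bit 31 set becomes a negative displacement, and a `PROT_NONE` region in front of the buffer turns that access into a guaranteed fault. The function names, the 2 GiB front guard size and the single 64 KiB page are assumptions of this sketch, not values taken from the change.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed guard size: 2 GiB covers every negative int32 displacement. */
#define FRONT_GUARD ((size_t)1 << 31)
#define MEM_SIZE ((size_t)65536) /* one Wasm page, constructed sample */

/* The bug: an unsigned index emitted as a signed 32-bit immediate is
 * sign-extended when the CPU widens it to 64 bits. */
static int64_t displacement_as_encoded(uint32_t index) {
    return (int64_t)(int32_t)index; /* wraps on gcc/clang when bit 31 is set */
}

/* Reserve [front guard | memory] as PROT_NONE, then open only the memory. */
static uint8_t *alloc_guarded(size_t mem_size) {
    size_t total = FRONT_GUARD + mem_size;
    uint8_t *raw = mmap(NULL, total, PROT_NONE,
                        MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
    if (raw == MAP_FAILED) return NULL;
    if (mprotect(raw + FRONT_GUARD, mem_size, PROT_READ | PROT_WRITE) != 0) {
        munmap(raw, total);
        return NULL;
    }
    return raw + FRONT_GUARD;
}

/* Do the load in a child: 1 = SIGSEGV, 0 = load succeeded, -1 = error. */
static int load_faults(uint8_t *base, uint32_t index) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        volatile uint8_t *p = base + displacement_as_encoded(index);
        (void)*p;
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFSIGNALED(status)) return WTERMSIG(status) == SIGSEGV ? 1 : -1;
    return 0;
}

int main(void) { /* exit status 0 when the wrapped access faults */
    uint8_t *base = alloc_guarded(MEM_SIZE);
    return (base && load_faults(base, 0xFFFFFFFFu) == 1) ? 0 : 1;
}
```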