• Andreas Haas's avatar
    [wasm][bigint] Allow only bigints as i64-global imports · f87505ca
    Andreas Haas authored
    The fuzzer found a crash when we want to execute the {valueOf} function
    of an imported value for an i64-global. The problem is that we cannot
    execute JavaScript at that moment (I did not check why, I guess we open
    some scope at some point). I checked the WebAssembly spec now, and it
    defines that only numbers are valid values for imported globals. I
    adjust our bigint implementation accordingly with this CL, i.e. that
    only bigint values are valid as imported i64-globalsl.
    I also created github issues to discuss this problem.
    
    R=jkummerow@chromium.org
    
    Bug: chromium:1001804
    Change-Id: I47f0b31fab53163346f341ad290fd3c58e7707bf
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1792167
    Commit-Queue: Andreas Haas <ahaas@chromium.org>
    Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#63621}
    f87505ca
Name
Last commit
Last update
..
embenchen Loading commit data...
OWNERS Loading commit data...
adapter-frame.js Loading commit data...
add-getters.js Loading commit data...
anyfunc-interpreter.js Loading commit data...
anyfunc.js Loading commit data...
anyref-globals-interpreter.js Loading commit data...
anyref-globals.js Loading commit data...
anyref-interpreter.js Loading commit data...
anyref-table.js Loading commit data...
anyref.js Loading commit data...
asm-wasm-copy.js Loading commit data...
asm-wasm-deopt.js Loading commit data...
asm-wasm-exception-in-tonumber.js Loading commit data...
asm-wasm-expr.js Loading commit data...
asm-wasm-f32.js Loading commit data...
asm-wasm-f64.js Loading commit data...
asm-wasm-heap.js Loading commit data...
asm-wasm-i32.js Loading commit data...
asm-wasm-imports.js Loading commit data...
asm-wasm-literals.js Loading commit data...
asm-wasm-math-intrinsic.js Loading commit data...
asm-wasm-memory.js Loading commit data...
asm-wasm-names.js Loading commit data...
asm-wasm-stack.js Loading commit data...
asm-wasm-stdlib.js Loading commit data...
asm-wasm-switch.js Loading commit data...
asm-wasm-u32.js Loading commit data...
asm-wasm.js Loading commit data...
asm-with-wasm-off.js Loading commit data...
async-compile.js Loading commit data...
atomics-stress.js Loading commit data...
atomics.js Loading commit data...
atomics64-stress.js Loading commit data...
bigint-i64-to-imported-js-func.js Loading commit data...
bigint.js Loading commit data...
bounds-check-64bit.js Loading commit data...
bounds-check-turbofan.js Loading commit data...
bulk-memory.js Loading commit data...
calls.js Loading commit data...
code-space-exhaustion.js Loading commit data...
compare-exchange-stress.js Loading commit data...
compare-exchange64-stress.js Loading commit data...
compilation-hints-async-compilation.js Loading commit data...
compilation-hints-decoder.js Loading commit data...
compilation-hints-ignored.js Loading commit data...
compilation-hints-interpreter.js Loading commit data...
compilation-hints-lazy-validation.js Loading commit data...
compilation-hints-streaming-compilation.js Loading commit data...
compilation-hints-streaming-lazy-validation.js Loading commit data...
compilation-hints-sync-compilation.js Loading commit data...
compilation-limits-asm.js Loading commit data...
compilation-limits.js Loading commit data...
compiled-module-management.js Loading commit data...
compiled-module-serialization.js Loading commit data...
data-segments.js Loading commit data...
disable-trap-handler.js Loading commit data...
disallow-codegen.js Loading commit data...
divrem-trap.js Loading commit data...
empirical_max_memory.js Loading commit data...
ensure-wasm-binaries-up-to-date.js Loading commit data...
errors.js Loading commit data...
exceptions-anyref-interpreter.js Loading commit data...
exceptions-anyref.js Loading commit data...
exceptions-export.js Loading commit data...
exceptions-global-interpreter.js Loading commit data...
exceptions-global.js Loading commit data...
exceptions-import.js Loading commit data...
exceptions-interpreter.js Loading commit data...
exceptions-rethrow-interpreter.js Loading commit data...
exceptions-rethrow.js Loading commit data...
exceptions-shared.js Loading commit data...
exceptions-simd-interpreter.js Loading commit data...
exceptions-simd.js Loading commit data...
exceptions-utils.js Loading commit data...
exceptions.js Loading commit data...
export-global.js Loading commit data...
export-identity.js Loading commit data...
export-mutable-global.js Loading commit data...
export-table.js Loading commit data...
expose-wasm.js Loading commit data...
ffi-error.js Loading commit data...
ffi.js Loading commit data...
float-constant-folding.js Loading commit data...
function-names.js Loading commit data...
function-prototype.js Loading commit data...
futex.js Loading commit data...
gc-buffer.js Loading commit data...
gc-frame.js Loading commit data...
gc-memory.js Loading commit data...
gc-stress.js Loading commit data...
globals.js Loading commit data...
graceful_shutdown.js Loading commit data...
graceful_shutdown_during_tierup.js Loading commit data...
grow-memory-detaching.js Loading commit data...
grow-memory-in-branch.js Loading commit data...
grow-memory-in-call.js Loading commit data...
grow-memory-in-loop.js Loading commit data...
grow-memory.js Loading commit data...
grow-shared-memory.js Loading commit data...
huge-memory.js Loading commit data...
import-function.js Loading commit data...
import-memory.js Loading commit data...
import-mutable-global.js Loading commit data...
import-table.js Loading commit data...
incrementer.wasm Loading commit data...
indirect-call-non-zero-table-interpreter.js Loading commit data...
indirect-call-non-zero-table.js Loading commit data...
indirect-calls.js Loading commit data...
indirect-sig-mismatch.js Loading commit data...
indirect-tables.js Loading commit data...
instance-gc.js Loading commit data...
instance-memory-gc-stress.js Loading commit data...
instantiate-module-basic.js Loading commit data...
instantiate-run-basic.js Loading commit data...
interpreter-mixed.js Loading commit data...
interpreter.js Loading commit data...
js-api.js Loading commit data...
large-offset.js Loading commit data...
lazy-compilation.js Loading commit data...
liftoff-trap-handler.js Loading commit data...
liftoff.js Loading commit data...
loop-rotation.js Loading commit data...
many-parameters.js Loading commit data...
memory-external-call.js Loading commit data...
memory-instance-validation.js Loading commit data...
memory-size.js Loading commit data...
memory.js Loading commit data...
memory_1gb_oob.js Loading commit data...
memory_2gb_oob.js Loading commit data...
memory_4gb_oob.js Loading commit data...
module-memory.js Loading commit data...
multi-table-element-section.js Loading commit data...
multi-value.js Loading commit data...
mutable-globals.js Loading commit data...
names.js Loading commit data...
origin-trial-flags.js Loading commit data...
parallel_compilation.js Loading commit data...
params.js Loading commit data...
print-code.js Loading commit data...
receiver.js Loading commit data...
return-calls.js Loading commit data...
serialize-lazy-module.js Loading commit data...
shared-memory-gc-stress.js Loading commit data...
shared-memory-worker-explicit-gc-stress.js Loading commit data...
shared-memory-worker-gc-stress.js Loading commit data...
shared-memory-worker-gc.js Loading commit data...
shared-memory-worker-stress.js Loading commit data...
shared-memory.js Loading commit data...
stack.js Loading commit data...
stackwalk.js Loading commit data...
start-function.js Loading commit data...
streaming-api.js Loading commit data...
streaming-compile.js Loading commit data...
streaming-error-position.js Loading commit data...
streaming-trap-location.js Loading commit data...
table-access-interpreter.js Loading commit data...
table-access.js Loading commit data...
table-copy-anyref.js Loading commit data...
table-copy.js Loading commit data...
table-fill-interpreter.js Loading commit data...
table-fill.js Loading commit data...
table-get.js Loading commit data...
table-grow-from-wasm-interpreter.js Loading commit data...
table-grow-from-wasm.js Loading commit data...
table-grow.js Loading commit data...
table-limits.js Loading commit data...
table.js Loading commit data...
test-wasm-module-builder.js Loading commit data...
tier-up-testing-flag.js Loading commit data...
trap-location.js Loading commit data...
type-reflection-with-anyref.js Loading commit data...
type-reflection-with-exnref.js Loading commit data...
type-reflection.js Loading commit data...
unicode-validation.js Loading commit data...
unicode.js Loading commit data...
unreachable-validation.js Loading commit data...
unreachable.js Loading commit data...
user-properties-common.js Loading commit data...
user-properties-constructed.js Loading commit data...
user-properties-exported.js Loading commit data...
user-properties-module.js Loading commit data...
user-properties-reexport.js Loading commit data...
verify-module-basic-errors.js Loading commit data...
wasm-api-overloading.js Loading commit data...
wasm-default.js Loading commit data...
wasm-math-intrinsic.js Loading commit data...
wasm-module-builder.js Loading commit data...
wasm-object-api.js Loading commit data...
worker-interpreter.js Loading commit data...
worker-memory.js Loading commit data...
worker-module.js Loading commit data...