| Index: src/wasm/ast-decoder.cc
|
| diff --git a/src/wasm/ast-decoder.cc b/src/wasm/ast-decoder.cc
|
| index 80af396021245b2642b4661a250aa332a8a2f74f..798f9d393a5bf10dba8e1c5b5ebb944e1d0f171e 100644
|
| --- a/src/wasm/ast-decoder.cc
|
| +++ b/src/wasm/ast-decoder.cc
|
| @@ -661,8 +661,13 @@ class WasmFullDecoder : public WasmDecoder {
|
| }
|
| // Decode local declarations, if any.
|
| uint32_t entries = consume_u32v("local decls count");
|
| + TRACE("local decls count: %u\n", entries);
|
| while (entries-- > 0 && pc_ < limit_) {
|
| uint32_t count = consume_u32v("local count");
|
| + if (count > kMaxNumWasmLocals) {
|
| + error(pc_ - 1, "local count too large");
|
| + return;
|
| + }
|
| byte code = consume_u8("local type");
|
| LocalType type;
|
| switch (code) {
|
|
|
Chromium Code Reviews
Issue 2271803004:
[wasm] Bound the allowed number of locals. (Closed)
