[wasm] Fix bounds check for zero initial memory.

src/wasm/wasm-module.cc

 // Copyright 2015 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <memory>
 
 #include "src/base/atomic-utils.h"
 #include "src/code-stubs.h"
 
 #include "src/macro-assembler.h"
@@ skipping 167 matching lines @@
     DCHECK_EQ(0, bytes[i]);
   }
 #endif
 
   Handle<JSArrayBuffer> buffer = isolate->factory()->NewJSArrayBuffer();
   JSArrayBuffer::Setup(buffer, isolate, false, memory, static_cast<int>(size));
   buffer->set_is_neuterable(false);
   return buffer;
 }
 
+int UpdateReferencesMask(bool update_globals) {
+  if (update_globals) {
+    return (1 << RelocInfo::WASM_MEMORY_REFERENCE) |
+           (1 << RelocInfo::WASM_MEMORY_BYTE_SIZE_REFERENCE) |
+           (1 << RelocInfo::WASM_MEMORY_WORD_SIZE_REFERENCE) |
+           (1 << RelocInfo::WASM_MEMORY_DWORD_SIZE_REFERENCE) |
+           (1 << RelocInfo::WASM_MEMORY_QWORD_SIZE_REFERENCE) |
+           (1 << RelocInfo::WASM_GLOBAL_REFERENCE);
+  } else {
+    return (1 << RelocInfo::WASM_MEMORY_REFERENCE) |
+           (1 << RelocInfo::WASM_MEMORY_BYTE_SIZE_REFERENCE) |
+           (1 << RelocInfo::WASM_MEMORY_WORD_SIZE_REFERENCE) |
+           (1 << RelocInfo::WASM_MEMORY_DWORD_SIZE_REFERENCE) |
+           (1 << RelocInfo::WASM_MEMORY_QWORD_SIZE_REFERENCE);
+  }
+}
+
 void RelocateInstanceCode(Handle<JSObject> instance, Address old_start,
                           Address start, uint32_t prev_size,
                           uint32_t new_size) {
   Handle<FixedArray> functions = Handle<FixedArray>(
       FixedArray::cast(instance->GetInternalField(kWasmModuleCodeTable)));
   for (int i = 0; i < functions->length(); ++i) {
     Handle<Code> function = Handle<Code>(Code::cast(functions->get(i)));
     AllowDeferredHandleDereference embedding_raw_address;
-    int mask = (1 << RelocInfo::WASM_MEMORY_REFERENCE) |
-               (1 << RelocInfo::WASM_MEMORY_SIZE_REFERENCE);
+    int mask = UpdateReferencesMask(false);
     for (RelocIterator it(*function, mask); !it.done(); it.next()) {
       it.rinfo()->update_wasm_memory_reference(old_start, start, prev_size,
                                                new_size);
     }
   }
 }
 
 void RelocateGlobals(Handle<JSObject> instance, Address old_start,
                      Address globals_start) {
   Handle<FixedArray> functions = Handle<FixedArray>(
@@ skipping 409 matching lines @@
   Object* mem_start = compiled_module->ptr_to_heap();
   Address old_mem_address = nullptr;
   Address globals_start =
       GetGlobalStartAddressFromCodeTemplate(undefined, owner);
 
   if (old_mem_size > 0) {
     CHECK_NE(mem_start, undefined);
     old_mem_address =
         static_cast<Address>(JSArrayBuffer::cast(mem_start)->backing_store());
   }
-  int mode_mask = RelocInfo::ModeMask(RelocInfo::WASM_MEMORY_REFERENCE) |
-                  RelocInfo::ModeMask(RelocInfo::WASM_MEMORY_SIZE_REFERENCE) |
-                  RelocInfo::ModeMask(RelocInfo::WASM_GLOBAL_REFERENCE);
+  int mode_mask = UpdateReferencesMask(true);
 
   Object* fct_obj = compiled_module->ptr_to_code_table();
   if (fct_obj != nullptr && fct_obj != undefined &&
       (old_mem_size > 0 || globals_start != nullptr)) {
     FixedArray* functions = FixedArray::cast(fct_obj);
     for (int i = 0; i < functions->length(); ++i) {
       Code* code = Code::cast(functions->get(i));
       bool changed = false;
       for (RelocIterator it(code, mode_mask); !it.done(); it.next()) {
         RelocInfo::Mode mode = it.rinfo()->rmode();
@@ skipping 1389 matching lines @@
   // Get code table associated with the module js_object
   Object* obj = object->GetInternalField(kWasmModuleCodeTable);
   Handle<FixedArray> code_table(FixedArray::cast(obj));
 
   // Iterate through the code objects in the code table and update relocation
   // information
   for (int i = 0; i < code_table->length(); ++i) {
     obj = code_table->get(i);
     Handle<Code> code(Code::cast(obj));
 
-    int mode_mask = RelocInfo::ModeMask(RelocInfo::WASM_MEMORY_REFERENCE) |
-                    RelocInfo::ModeMask(RelocInfo::WASM_MEMORY_SIZE_REFERENCE);
+    int mode_mask = UpdateReferencesMask(false);
     for (RelocIterator it(*code, mode_mask); !it.done(); it.next()) {
       RelocInfo::Mode mode = it.rinfo()->rmode();
       if (RelocInfo::IsWasmMemoryReference(mode) ||
           RelocInfo::IsWasmMemorySizeReference(mode)) {
         it.rinfo()->update_wasm_memory_reference(old_start, new_start, old_size,
                                                  new_size);
       }
     }
   }
   return true;
@@ skipping 138 matching lines @@
   }
   Address old_mem_start = nullptr;
   uint32_t old_size = 0, new_size = 0;
 
   MaybeHandle<JSArrayBuffer> maybe_mem_buffer =
       GetInstanceMemory(isolate, instance);
   Handle<JSArrayBuffer> old_buffer;
   if (!maybe_mem_buffer.ToHandle(&old_buffer)) {
     // If module object does not have linear memory associated with it,
     // Allocate new array buffer of given size.
-    // TODO(gdeepti): Fix bounds check to take into account size of memtype.
     new_size = pages * WasmModule::kPageSize;
     // The code generated in the wasm compiler guarantees this precondition.
     DCHECK(pages <= WasmModule::kMaxMemPages);
   } else {
     old_mem_start = static_cast<Address>(old_buffer->backing_store());
     old_size = old_buffer->byte_length()->Number();
     // If the old memory was zero-sized, we should have been in the
     // "undefined" case above.
     DCHECK_NOT_NULL(old_mem_start);
     DCHECK_NE(0, old_size);
@@ skipping 68 matching lines @@
   WasmCompiledModule* compiled_module =
       WasmCompiledModule::cast(instance->GetInternalField(kWasmCompiledModule));
   CHECK(compiled_module->has_weak_module_object());
   CHECK(compiled_module->ptr_to_weak_module_object()->cleared());
 }
 
 }  // namespace testing
 }  // namespace wasm
 }  // namespace internal
 }  // namespace v8