| Index: src/wasm/wasm-module.cc
|
| diff --git a/src/wasm/wasm-module.cc b/src/wasm/wasm-module.cc
|
| index 3a4ac2dbef552e48cb2562ed785b3c3120a403b5..8686a6924e15aeab5dcff87fb24ea77125c1e52e 100644
|
| --- a/src/wasm/wasm-module.cc
|
| +++ b/src/wasm/wasm-module.cc
|
| @@ -185,6 +185,23 @@ Handle<JSArrayBuffer> NewArrayBuffer(Isolate* isolate, size_t size) {
|
| return buffer;
|
| }
|
|
|
| +int UpdateReferencesMask(bool update_globals) {
|
| + if (update_globals) {
|
| + return (1 << RelocInfo::WASM_MEMORY_REFERENCE) |
|
| + (1 << RelocInfo::WASM_MEMORY_BYTE_SIZE_REFERENCE) |
|
| + (1 << RelocInfo::WASM_MEMORY_WORD_SIZE_REFERENCE) |
|
| + (1 << RelocInfo::WASM_MEMORY_DWORD_SIZE_REFERENCE) |
|
| + (1 << RelocInfo::WASM_MEMORY_QWORD_SIZE_REFERENCE) |
|
| + (1 << RelocInfo::WASM_GLOBAL_REFERENCE);
|
| + } else {
|
| + return (1 << RelocInfo::WASM_MEMORY_REFERENCE) |
|
| + (1 << RelocInfo::WASM_MEMORY_BYTE_SIZE_REFERENCE) |
|
| + (1 << RelocInfo::WASM_MEMORY_WORD_SIZE_REFERENCE) |
|
| + (1 << RelocInfo::WASM_MEMORY_DWORD_SIZE_REFERENCE) |
|
| + (1 << RelocInfo::WASM_MEMORY_QWORD_SIZE_REFERENCE);
|
| + }
|
| +}
|
| +
|
| void RelocateInstanceCode(Handle<JSObject> instance, Address old_start,
|
| Address start, uint32_t prev_size,
|
| uint32_t new_size) {
|
| @@ -193,8 +210,7 @@ void RelocateInstanceCode(Handle<JSObject> instance, Address old_start,
|
| for (int i = 0; i < functions->length(); ++i) {
|
| Handle<Code> function = Handle<Code>(Code::cast(functions->get(i)));
|
| AllowDeferredHandleDereference embedding_raw_address;
|
| - int mask = (1 << RelocInfo::WASM_MEMORY_REFERENCE) |
|
| - (1 << RelocInfo::WASM_MEMORY_SIZE_REFERENCE);
|
| + int mask = UpdateReferencesMask(false);
|
| for (RelocIterator it(*function, mask); !it.done(); it.next()) {
|
| it.rinfo()->update_wasm_memory_reference(old_start, start, prev_size,
|
| new_size);
|
| @@ -624,9 +640,7 @@ static void ResetCompiledModule(Isolate* isolate, JSObject* owner,
|
| old_mem_address =
|
| static_cast<Address>(JSArrayBuffer::cast(mem_start)->backing_store());
|
| }
|
| - int mode_mask = RelocInfo::ModeMask(RelocInfo::WASM_MEMORY_REFERENCE) |
|
| - RelocInfo::ModeMask(RelocInfo::WASM_MEMORY_SIZE_REFERENCE) |
|
| - RelocInfo::ModeMask(RelocInfo::WASM_GLOBAL_REFERENCE);
|
| + int mode_mask = UpdateReferencesMask(true);
|
|
|
| Object* fct_obj = compiled_module->ptr_to_code_table();
|
| if (fct_obj != nullptr && fct_obj != undefined &&
|
| @@ -2036,8 +2050,7 @@ bool UpdateWasmModuleMemory(Handle<JSObject> object, Address old_start,
|
| obj = code_table->get(i);
|
| Handle<Code> code(Code::cast(obj));
|
|
|
| - int mode_mask = RelocInfo::ModeMask(RelocInfo::WASM_MEMORY_REFERENCE) |
|
| - RelocInfo::ModeMask(RelocInfo::WASM_MEMORY_SIZE_REFERENCE);
|
| + int mode_mask = UpdateReferencesMask(false);
|
| for (RelocIterator it(*code, mode_mask); !it.done(); it.next()) {
|
| RelocInfo::Mode mode = it.rinfo()->rmode();
|
| if (RelocInfo::IsWasmMemoryReference(mode) ||
|
| @@ -2196,7 +2209,6 @@ int32_t GrowInstanceMemory(Isolate* isolate, Handle<JSObject> instance,
|
| if (!maybe_mem_buffer.ToHandle(&old_buffer)) {
|
| // If module object does not have linear memory associated with it,
|
| // Allocate new array buffer of given size.
|
| - // TODO(gdeepti): Fix bounds check to take into account size of memtype.
|
| new_size = pages * WasmModule::kPageSize;
|
| // The code generated in the wasm compiler guarantees this precondition.
|
| DCHECK(pages <= WasmModule::kMaxMemPages);
|
|
|
Chromium Code Reviews
Issue 2416543002:
[wasm] Fix bounds check for zero initial memory. (Closed)
