Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(16)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/compiler/wasm-compiler.cc

Issue 2490533003: [wasm] Always trap for memory accesses with offset=uint32_max. (Closed)
Patch Set: Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | test/cctest/wasm/test-run-wasm.cc » ('j') | test/cctest/wasm/test-run-wasm.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 the V8 project authors. All rights reserved. 1 // Copyright 2015 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "src/compiler/wasm-compiler.h" 5 #include "src/compiler/wasm-compiler.h"
6 6
7 #include <memory> 7 #include <memory>
8 8
9 #include "src/isolate-inl.h" 9 #include "src/isolate-inl.h"
10 10
(...skipping 2894 matching lines...) Expand 10 before | Expand all | Expand 10 after
2905 DCHECK(module_ && module_->instance); 2905 DCHECK(module_ && module_->instance);
2906 uint32_t size = module_->instance->mem_size; 2906 uint32_t size = module_->instance->mem_size;
2907 byte memsize = wasm::WasmOpcodes::MemSize(memtype); 2907 byte memsize = wasm::WasmOpcodes::MemSize(memtype);
2908 2908
2909 size_t effective_size; 2909 size_t effective_size;
2910 if (size <= offset || size < (static_cast<uint64_t>(offset) + memsize)) { 2910 if (size <= offset || size < (static_cast<uint64_t>(offset) + memsize)) {
2911 // Two checks are needed in the case where the offset is statically 2911 // Two checks are needed in the case where the offset is statically
2912 // out of bounds; one check for the offset being in bounds, and the next for 2912 // out of bounds; one check for the offset being in bounds, and the next for
2913 // the offset + index being out of bounds for code to be patched correctly 2913 // the offset + index being out of bounds for code to be patched correctly
2914 // on relocation. 2914 // on relocation.
2915 size_t effective_offset = offset + memsize - 1; 2915
2916 // Check for overflows.
2917 if ((std::numeric_limits<uint32_t>::max() - memsize) + 1 < offset) {
2918 // Always trap. Do not use TrapAlways because it does not create a valid
2919 // graph here.
2920 trap_->TrapIfEq32(wasm::kTrapMemOutOfBounds, jsgraph()->Int32Constant(0),
2921 0, position);
2922 return;
2923 }
2924 size_t effective_offset =
2925 (offset - 1) + memsize; // == offset + memsize - 1
titzer 2016/11/08 15:16:32 comment is probably unnecessary
2926
2916 Node* cond = graph()->NewNode(jsgraph()->machine()->Uint32LessThan(), 2927 Node* cond = graph()->NewNode(jsgraph()->machine()->Uint32LessThan(),
2917 jsgraph()->IntPtrConstant(effective_offset), 2928 jsgraph()->IntPtrConstant(effective_offset),
2918 jsgraph()->RelocatableInt32Constant( 2929 jsgraph()->RelocatableInt32Constant(
2919 static_cast<uint32_t>(size), 2930 static_cast<uint32_t>(size),
2920 RelocInfo::WASM_MEMORY_SIZE_REFERENCE)); 2931 RelocInfo::WASM_MEMORY_SIZE_REFERENCE));
2921 trap_->AddTrapIfFalse(wasm::kTrapMemOutOfBounds, cond, position); 2932 trap_->AddTrapIfFalse(wasm::kTrapMemOutOfBounds, cond, position);
2922 // For offset > effective size, this relies on check above to fail and 2933 // For offset > effective size, this relies on check above to fail and
2923 // effective size can be negative, relies on wrap around. 2934 // effective size can be negative, relies on wrap around.
2924 effective_size = size - offset - memsize + 1; 2935 effective_size = size - offset - memsize + 1;
2925 } else { 2936 } else {
(...skipping 559 matching lines...) Expand 10 before | Expand all | Expand 10 after
3485 function_->code_start_offset), 3496 function_->code_start_offset),
3486 compile_ms); 3497 compile_ms);
3487 } 3498 }
3488 3499
3489 return code; 3500 return code;
3490 } 3501 }
3491 3502
3492 } // namespace compiler 3503 } // namespace compiler
3493 } // namespace internal 3504 } // namespace internal
3494 } // namespace v8 3505 } // namespace v8
OLDNEW
« no previous file with comments | « no previous file | test/cctest/wasm/test-run-wasm.cc » ('j') | test/cctest/wasm/test-run-wasm.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698