Index: src/wasm/wasm-module.cc |
| diff --git a/src/wasm/wasm-module.cc b/src/wasm/wasm-module.cc |
| index f0598556b4838f9606108e7f4298b6968da72d50..32d365e388ca2d3f65d6f689c00e5f3080928583 100644 |
| --- a/src/wasm/wasm-module.cc |
| +++ b/src/wasm/wasm-module.cc |
| @@ -1791,10 +1791,26 @@ class WasmInstanceBuilder { |
| // If there was no imported WebAssembly.Memory object, create one. |
| Handle<JSArrayBuffer> buffer(instance->get_memory_buffer(), |
| isolate_); |
| - memory_object = WasmMemoryObject::New( |
| - isolate_, buffer, |
| - (module_->max_mem_pages != 0) ? module_->max_mem_pages : -1); |
| - instance->set_memory_object(*memory_object); |
| + if (!buffer.is_null() && buffer->has_guard_region()) { |
|
Eric Holk
2016/12/05 19:54:52
We talked about this offline, but I'm summarizing
gdeepti
2016/12/07 07:10:33
Summarizing offline discussions, previous interpre
|
| + // If guard pages are enabled, use a different buffer to create |
| + // the exported memory object. Using the same buffer will result |
| + // in the exported memory object having a handle to the buffer |
| + // associated with a live instance. |
| + Handle<JSArrayBuffer> new_buffer = |
| + isolate_->factory()->NewJSArrayBuffer(); |
| + JSArrayBuffer::Setup(new_buffer, isolate_, true, |
| + buffer->backing_store(), |
| + buffer->byte_length()->Number()); |
| + new_buffer->set_is_neuterable(false); |
| + new_buffer->set_has_guard_region(true); |
| + memory_object = WasmMemoryObject::New( |
| + isolate_, new_buffer, |
| + (module_->max_mem_pages != 0) ? module_->max_mem_pages : -1); |
| + } else { |
| + memory_object = WasmMemoryObject::New( |
| + isolate_, buffer, |
| + (module_->max_mem_pages != 0) ? module_->max_mem_pages : -1); |
| + } |
| } else { |
| memory_object = Handle<WasmMemoryObject>( |
| instance->get_memory_object(), isolate_); |