| OLD | NEW |
|---|
| 1 // Copyright 2015 the V8 project authors. All rights reserved. | 1 // Copyright 2015 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <memory> | 5 #include <memory> |
| 6 | 6 |
| 7 #include "src/assembler-inl.h" | 7 #include "src/assembler-inl.h" |
| 8 #include "src/base/adapters.h" | 8 #include "src/base/adapters.h" |
| 9 #include "src/base/atomic-utils.h" | 9 #include "src/base/atomic-utils.h" |
| 10 #include "src/code-stubs.h" | 10 #include "src/code-stubs.h" |
| (...skipping 1287 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1298 } else if (min_mem_pages > 0) { | 1298 } else if (min_mem_pages > 0) { |
| 1299 memory_ = AllocateMemory(min_mem_pages); | 1299 memory_ = AllocateMemory(min_mem_pages); |
| 1300 if (memory_.is_null()) return nothing; // failed to allocate memory | 1300 if (memory_.is_null()) return nothing; // failed to allocate memory |
| 1301 } | 1301 } |
| 1302 | 1302 |
| 1303 if (!memory_.is_null()) { | 1303 if (!memory_.is_null()) { |
| 1304 instance->set_memory_buffer(*memory_); | 1304 instance->set_memory_buffer(*memory_); |
| 1305 Address mem_start = static_cast<Address>(memory_->backing_store()); | 1305 Address mem_start = static_cast<Address>(memory_->backing_store()); |
| 1306 uint32_t mem_size = | 1306 uint32_t mem_size = |
| 1307 static_cast<uint32_t>(memory_->byte_length()->Number()); | 1307 static_cast<uint32_t>(memory_->byte_length()->Number()); |
| 1308 LoadDataSegments(mem_start, mem_size); | 1308 if (!LoadDataSegments(mem_start, mem_size)) return nothing; |
| 1309 | 1309 |
| 1310 uint32_t old_mem_size = compiled_module_->mem_size(); | 1310 uint32_t old_mem_size = compiled_module_->mem_size(); |
| 1311 Address old_mem_start = | 1311 Address old_mem_start = |
| 1312 compiled_module_->has_memory() | 1312 compiled_module_->has_memory() |
| 1313 ? static_cast<Address>( | 1313 ? static_cast<Address>( |
| 1314 compiled_module_->memory()->backing_store()) | 1314 compiled_module_->memory()->backing_store()) |
| 1315 : nullptr; | 1315 : nullptr; |
| 1316 RelocateMemoryReferencesInCode(code_table, old_mem_start, mem_start, | 1316 RelocateMemoryReferencesInCode(code_table, old_mem_start, mem_start, |
| 1317 old_mem_size, mem_size); | 1317 old_mem_size, mem_size); |
| 1318 compiled_module_->set_memory(memory_); | 1318 compiled_module_->set_memory(memory_); |
| 1319 } else { | 1319 } else { |
| 1320 LoadDataSegments(nullptr, 0); | 1320 if (!LoadDataSegments(nullptr, 0)) return nothing; |
| 1321 } | 1321 } |
| 1322 | 1322 |
| 1323 //-------------------------------------------------------------------------- | 1323 //-------------------------------------------------------------------------- |
| 1324 // Set up the runtime support for the new instance. | 1324 // Set up the runtime support for the new instance. |
| 1325 //-------------------------------------------------------------------------- | 1325 //-------------------------------------------------------------------------- |
| 1326 Handle<WeakCell> weak_link = factory->NewWeakCell(instance); | 1326 Handle<WeakCell> weak_link = factory->NewWeakCell(instance); |
| 1327 | 1327 |
| 1328 for (int i = num_imported_functions + FLAG_skip_compiling_wasm_funcs; | 1328 for (int i = num_imported_functions + FLAG_skip_compiling_wasm_funcs; |
| 1329 i < code_table->length(); ++i) { | 1329 i < code_table->length(); ++i) { |
| 1330 Handle<Code> code = code_table->GetValueChecked<Code>(isolate_, i); | 1330 Handle<Code> code = code_table->GetValueChecked<Code>(isolate_, i); |
| (...skipping 212 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1543 uint32_t offset = module_->globals[expr.val.global_index].offset; | 1543 uint32_t offset = module_->globals[expr.val.global_index].offset; |
| 1544 return *reinterpret_cast<uint32_t*>(raw_buffer_ptr(globals_, offset)); | 1544 return *reinterpret_cast<uint32_t*>(raw_buffer_ptr(globals_, offset)); |
| 1545 } | 1545 } |
| 1546 default: | 1546 default: |
| 1547 UNREACHABLE(); | 1547 UNREACHABLE(); |
| 1548 return 0; | 1548 return 0; |
| 1549 } | 1549 } |
| 1550 } | 1550 } |
| 1551 | 1551 |
| 1552 // Load data segments into the memory. | 1552 // Load data segments into the memory. |
| 1553 void LoadDataSegments(Address mem_addr, size_t mem_size) { | 1553 bool LoadDataSegments(Address mem_addr, size_t mem_size) { |
| 1554 Handle<SeqOneByteString> module_bytes(compiled_module_->module_bytes(), | 1554 Handle<SeqOneByteString> module_bytes(compiled_module_->module_bytes(), |
| 1555 isolate_); | 1555 isolate_); |
| 1556 for (const WasmDataSegment& segment : module_->data_segments) { | 1556 for (const WasmDataSegment& segment : module_->data_segments) { |
| 1557 uint32_t source_size = segment.source_size; | 1557 uint32_t source_size = segment.source_size; |
| 1558 // Segments of size == 0 are just nops. | 1558 // Segments of size == 0 are just nops. |
| 1559 if (source_size == 0) continue; | 1559 if (source_size == 0) continue; |
| 1560 uint32_t dest_offset = EvalUint32InitExpr(segment.dest_addr); | 1560 uint32_t dest_offset = EvalUint32InitExpr(segment.dest_addr); |
| 1561 if (dest_offset >= mem_size || source_size >= mem_size || | 1561 if (dest_offset + source_size > mem_size || |
| 1562 dest_offset > (mem_size - source_size)) { | 1562 dest_offset + source_size < dest_offset) { |
| 1563 thrower_->LinkError("data segment (start = %" PRIu32 ", size = %" PRIu32 | 1563 thrower_->LinkError("data segment (start = %" PRIu32 ", size = %" PRIu32 |
| 1564 ") does not fit into memory (size = %" PRIuS ")", | 1564 ") does not fit into memory (size = %" PRIuS ")", |
| 1565 dest_offset, source_size, mem_size); | 1565 dest_offset, source_size, mem_size); |
| 1566 return; | 1566 return false; |
| 1567 } | 1567 } |
| 1568 byte* dest = mem_addr + dest_offset; | 1568 byte* dest = mem_addr + dest_offset; |
| 1569 const byte* src = reinterpret_cast<const byte*>( | 1569 const byte* src = reinterpret_cast<const byte*>( |
| 1570 module_bytes->GetCharsAddress() + segment.source_offset); | 1570 module_bytes->GetCharsAddress() + segment.source_offset); |
| 1571 memcpy(dest, src, source_size); | 1571 memcpy(dest, src, source_size); |
| 1572 } | 1572 } |
| 1573 return true; |
| 1573 } | 1574 } |
| 1574 | 1575 |
| 1575 void WriteGlobalValue(WasmGlobal& global, Handle<Object> value) { | 1576 void WriteGlobalValue(WasmGlobal& global, Handle<Object> value) { |
| 1576 double num = 0; | 1577 double num = 0; |
| 1577 if (value->IsSmi()) { | 1578 if (value->IsSmi()) { |
| 1578 num = Smi::cast(*value)->value(); | 1579 num = Smi::cast(*value)->value(); |
| 1579 } else if (value->IsHeapNumber()) { | 1580 } else if (value->IsHeapNumber()) { |
| 1580 num = HeapNumber::cast(*value)->value(); | 1581 num = HeapNumber::cast(*value)->value(); |
| 1581 } else { | 1582 } else { |
| 1582 UNREACHABLE(); | 1583 UNREACHABLE(); |
| (...skipping 981 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2564 | 2565 |
| 2565 JSObject::AddProperty(entry, name_string, export_name.ToHandleChecked(), | 2566 JSObject::AddProperty(entry, name_string, export_name.ToHandleChecked(), |
| 2566 NONE); | 2567 NONE); |
| 2567 JSObject::AddProperty(entry, kind_string, export_kind, NONE); | 2568 JSObject::AddProperty(entry, kind_string, export_kind, NONE); |
| 2568 | 2569 |
| 2569 storage->set(index, *entry); | 2570 storage->set(index, *entry); |
| 2570 } | 2571 } |
| 2571 | 2572 |
| 2572 return array_object; | 2573 return array_object; |
| 2573 } | 2574 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2640453003:
[wasm] Fix and tighten memory validation (Closed)
