[wasm] Block compile/instantiate of large array buffers

third_party/WebKit/Source/bindings/core/v8/V8Initializer.cpp

 /*
  * Copyright (C) 2009 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
@@ skipping 125 matching lines @@
       level = InfoMessageLevel;
       break;
     case v8::Isolate::kMessageError:
       level = InfoMessageLevel;
       break;
     default:
       NOTREACHED();
   }
   return level;
 }
+
+const size_t kWasmWireBytesLimit = 1 << 12;
+
 }  // namespace
 
 void V8Initializer::messageHandlerInMainThread(v8::Local<v8::Message> message,
                                                v8::Local<v8::Value> data) {
   ASSERT(isMainThread());
   v8::Isolate* isolate = v8::Isolate::GetCurrent();
 
   if (isolate->GetEnteredContext().IsEmpty())
     return;
 
@@ skipping 157 matching lines @@
   if (ExecutionContext* executionContext = toExecutionContext(context)) {
     if (ContentSecurityPolicy* policy =
             toDocument(executionContext)->contentSecurityPolicy())
       return policy->allowEval(ScriptState::from(context),
                                ContentSecurityPolicy::SendReport,
                                ContentSecurityPolicy::WillThrowException);
   }
   return false;
 }
 
+static bool allowWasmCompileCallbackInMainThread(v8::Isolate* isolate,
+                                                 v8::Local<v8::Value> source,
+                                                 bool asPromise) {
+  // We allow async compilation irrespective of buffer size.
+  if (asPromise)
+    return true;
+  if (source->IsArrayBuffer() &&
+      v8::Local<v8::ArrayBuffer>::Cast(source)->ByteLength() >
+          kWasmWireBytesLimit) {
+    return false;
+  }
+  if (source->IsArrayBufferView() &&
+      v8::Local<v8::ArrayBufferView>::Cast(source)->ByteLength() >
+          kWasmWireBytesLimit) {
+    return false;
+  }
+  return true;
+}
+
+static bool allowWasmInstantiateCallbackInMainThread(
+    v8::Isolate* isolate,
+    v8::Local<v8::Value> source,
+    v8::MaybeLocal<v8::Value> ffi,
+    bool asPromise) {
+  // Async cases are allowed, regardless of the size of the
+  // wire bytes. Note that, for instantiation, we use the wire
+  // bytes size as a proxy for instantiation time. We may
+  // consider using the size of the ffi (nr of properties)
+  // instead, or, even more directly, number of imports.
+  if (asPromise)
+    return true;
+  // If it's not a promise, the source should be a wasm module
+  DCHECK(source->IsWebAssemblyCompiledModule());
+  v8::Local<v8::WasmCompiledModule> module =
+      v8::Local<v8::WasmCompiledModule>::Cast(source);
+  if (static_cast<size_t>(module->GetWasmWireBytes()->Length()) >
+      kWasmWireBytesLimit) {
+    return false;
+  }
+  return true;
+}
+
 static void initializeV8Common(v8::Isolate* isolate) {
   isolate->AddGCPrologueCallback(V8GCController::gcPrologue);
   isolate->AddGCEpilogueCallback(V8GCController::gcEpilogue);
   if (RuntimeEnabledFeatures::traceWrappablesEnabled()) {
     std::unique_ptr<ScriptWrappableVisitor> visitor(
         new ScriptWrappableVisitor(isolate));
     V8PerIsolateData::from(isolate)->setScriptWrappableVisitor(
         std::move(visitor));
     isolate->SetEmbedderHeapTracer(
         V8PerIsolateData::from(isolate)->scriptWrappableVisitor());
@@ skipping 75 matching lines @@
   isolate->SetFatalErrorHandler(reportFatalErrorInMainThread);
   isolate->AddMessageListenerWithErrorLevel(
       messageHandlerInMainThread,
       v8::Isolate::kMessageError | v8::Isolate::kMessageWarning |
           v8::Isolate::kMessageInfo | v8::Isolate::kMessageDebug |
           v8::Isolate::kMessageLog);
   isolate->SetFailedAccessCheckCallbackFunction(
       failedAccessCheckCallbackInMainThread);
   isolate->SetAllowCodeGenerationFromStringsCallback(
       codeGenerationCheckCallbackInMainThread);
-
+  isolate->SetAllowWasmCompileCallback(allowWasmCompileCallbackInMainThread);
+  isolate->SetAllowWasmInstantiateCallback(
+      allowWasmInstantiateCallbackInMainThread);
   if (RuntimeEnabledFeatures::v8IdleTasksEnabled()) {
     V8PerIsolateData::enableIdleTasks(
         isolate, WTF::makeUnique<V8IdleTaskRunner>(scheduler));
   }
 
   isolate->SetPromiseRejectCallback(promiseRejectHandlerInMainThread);
 
   if (v8::HeapProfiler* profiler = isolate->GetHeapProfiler())
     profiler->SetWrapperClassInfoProvider(
         WrapperTypeInfo::NodeClassId, &RetainedDOMInfo::createRetainedDOMInfo);
@@ skipping 93 matching lines @@
           v8::Isolate::kMessageLog);
   isolate->SetFatalErrorHandler(reportFatalErrorInWorker);
 
   uint32_t here;
   isolate->SetStackLimit(reinterpret_cast<uintptr_t>(&here) -
                          kWorkerMaxStackSize);
   isolate->SetPromiseRejectCallback(promiseRejectHandlerInWorker);
 }
 
 }  // namespace blink