Changeset 238433 in webkit
- Timestamp:
- Nov 21, 2018 5:51:33 PM (6 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 7 edited
trunk/JSTests/ChangeLog
r238425 r238433 1 2018-11-21 Mark Lam <mark.lam@apple.com> 2 3 Creating a wasm memory that is bigger than the ArrayBuffer limit but smaller than the spec limit should throw OOME not RangeError. 4 https://bugs.webkit.org/show_bug.cgi?id=191776 5 <rdar://problem/46152851> 6 7 Reviewed by Saam Barati. 8 9 * stress/big-wasm-memory-grow-no-max.js: 10 * stress/big-wasm-memory-grow.js: 11 * stress/big-wasm-memory.js: 12 - updated these to expect an OutOfMemoryError. 13 14 * wasm/regress/wasm-memory-requested-more-than-MAX_ARRAY_BUFFER_SIZE-2.js: Added. 15 (Binary.prototype.emit_u8): 16 (Binary.prototype.emit_u32v): 17 (Binary.prototype.emit_header): 18 (Binary.prototype.emit_section): 19 (Binary): 20 (WasmModuleBuilder): 21 (WasmModuleBuilder.prototype.addMemory): 22 (WasmModuleBuilder.prototype.toArray): 23 (WasmModuleBuilder.prototype.toBuffer): 24 (WasmModuleBuilder.prototype.instantiate): 25 (catch): 26 * wasm/regress/wasm-memory-requested-more-than-MAX_ARRAY_BUFFER_SIZE.js: Added. 27 (catch): 28 1 29 2018-11-21 Caio Lima <ticaiolima@gmail.com> 2 30 -
trunk/JSTests/stress/big-wasm-memory-grow-no-max.js
r238373 r238433 27 27 ok = true; 28 28 } catch (e) { 29 if (e.toString() != " RangeError: WebAssembly.Memory.grow expects the grown size to be a valid page count")29 if (e.toString() != "Error: Out of memory") 30 30 throw e; 31 31 } -
trunk/JSTests/stress/big-wasm-memory-grow.js
r238373 r238433 27 27 ok = true; 28 28 } catch (e) { 29 if (e.toString() != " RangeError: WebAssembly.Memory.grow expects the grown size to be a valid page count")29 if (e.toString() != "Error: Out of memory") 30 30 throw e; 31 31 } -
trunk/JSTests/stress/big-wasm-memory.js
r238373 r238433 25 25 ok = true; 26 26 } catch (e) { 27 if (e.toString() != " RangeError: WebAssembly.Memory 'initial' page count is too large")27 if (e.toString() != "Error: Out of memory") 28 28 throw e; 29 29 } -
trunk/Source/JavaScriptCore/ChangeLog
r238425 r238433 1 2018-11-21 Mark Lam <mark.lam@apple.com> 2 3 Creating a wasm memory that is bigger than the ArrayBuffer limit but smaller than the spec limit should throw OOME not RangeError. 4 https://bugs.webkit.org/show_bug.cgi?id=191776 5 <rdar://problem/46152851> 6 7 Reviewed by Saam Barati. 8 9 * wasm/WasmMemory.cpp: 10 (JSC::Wasm::Memory::tryCreate): 11 - return nullptr if the requested bytes exceed MAX_ARRAY_BUFFER_SIZE. 12 The clients will already do a null check and throw an OutOfMemoryError if needed. 13 (JSC::Wasm::Memory::grow): 14 - throw OOME if newPageCount.bytes() > MAX_ARRAY_BUFFER_SIZE. 15 * wasm/js/WebAssemblyMemoryConstructor.cpp: 16 (JSC::constructJSWebAssemblyMemory): 17 - throw OOME if newPageCount.bytes() > MAX_ARRAY_BUFFER_SIZE. 18 1 19 2018-11-21 Caio Lima <ticaiolima@gmail.com> 2 20 -
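--- a/trunk/Source/JavaScriptCore/wasm/WasmMemory.cpp
+++ b/trunk/Source/JavaScriptCore/wasm/WasmMemory.cpp
@@ -283,5 +283,6 @@
 const size_t maximumBytes = maximum ? maximum.bytes() : 0;
 
-RELEASE_ASSERT(initialBytes <= MAX_ARRAY_BUFFER_SIZE);
+if (initialBytes > MAX_ARRAY_BUFFER_SIZE)
+return nullptr; // Client will throw OOMError.
 
 if (maximum && !maximumBytes) {
@@ -375,9 +376,8 @@
 
 const Wasm::PageCount newPageCount = oldPageCount + delta;
-// FIXME: Creating a wasm memory that is bigger than the ArrayBuffer limit but smaller than the spec limit should throw
-// OOME not RangeError
-// https://bugs.webkit.org/show_bug.cgi?id=191776
-if (!newPageCount || !newPageCount.isValid() || newPageCount.bytes() >= MAX_ARRAY_BUFFER_SIZE)
+if (!newPageCount || !newPageCount.isValid())
 return makeUnexpected(GrowFailReason::InvalidGrowSize);
+if (newPageCount.bytes() > MAX_ARRAY_BUFFER_SIZE)
+return makeUnexpected(GrowFailReason::OutOfMemory);
 
 auto success = [&] () {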
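Review bot: The grow() check now rejects only `newPageCount.bytes() > MAX_ARRAY_BUFFER_SIZE` where the old line rejected `>=`, so besides changing the error type the commit lets a memory of exactly MAX_ARRAY_BUFFER_SIZE bytes through to allocation; the same `>=` to `>` change is made in WebAssemblyMemoryConstructor.cpp. That agrees with the `<=` in the RELEASE_ASSERT removed from tryCreate(), but the ChangeLog only describes the exception type, and the test hunks shown only change the expected message. If the boundary is intended, a comment above the new check such as `// A request of exactly MAX_ARRAY_BUFFER_SIZE bytes is allowed; only larger ones report OOM.` would record it; whether the buffer allocation downstream accepts that size cannot be confirmed from these hunks. tryCreate() now also depends on every caller null-checking its result instead of the hard assert, which the hunk states only in a trailing comment. Both functions begin and end outside the hunks.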
trunk/Source/JavaScriptCore/wasm/js/WebAssemblyMemoryConstructor.cpp
r238326 r238433 1 1 /* 2 * Copyright (C) 2016-201 7Apple Inc. All rights reserved.2 * Copyright (C) 2016-2018 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 71 71 uint32_t size = toNonWrappingUint32(exec, minSizeValue); 72 72 RETURN_IF_EXCEPTION(throwScope, encodedJSValue()); 73 // FIXME: Creating a wasm memory that is bigger than the ArrayBuffer limit but smaller than the spec limit should throw 74 // OOME not RangeError 75 // https://bugs.webkit.org/show_bug.cgi?id=191776 76 if (!Wasm::PageCount::isValid(size) || Wasm::PageCount(size).bytes() >= MAX_ARRAY_BUFFER_SIZE) 73 if (!Wasm::PageCount::isValid(size)) 77 74 return JSValue::encode(throwException(exec, throwScope, createRangeError(exec, "WebAssembly.Memory 'initial' page count is too large"_s))); 75 if (Wasm::PageCount(size).bytes() > MAX_ARRAY_BUFFER_SIZE) 76 return JSValue::encode(throwException(exec, throwScope, createOutOfMemoryError(exec))); 78 77 initialPageCount = Wasm::PageCount(size); 79 78 }
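Review bot: `Wasm::PageCount(size)` is built twice on the new lines, once for the `bytes()` comparison and again for the assignment to `initialPageCount`, so the value that is checked and the value that is stored are separate temporaries. Constructing it once keeps the limit check and the stored page count visibly tied together: `Wasm::PageCount pageCount(size);`, then `if (pageCount.bytes() > MAX_ARRAY_BUFFER_SIZE)` and `initialPageCount = pageCount;`. The `isValid(size)` test should stay ahead of that construction, as on the current lines. The enclosing function starts and ends outside the hunk.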