AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

[wasm] Use engine's allocator consistently

Browse Source 
Using the Isolate's allocator when creating the WasmModule can lead to
use-after-free situations when the NativeModule is shared across
Isolates.

R=mstarzinger@chromium.org

Bug: v8:9079
Change-Id: I5a564852179cc5b9d4cbad2a002d3b6e14b01968
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1550404
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60605}
This commit is contained in:
Clemens Hammacher 2019-04-03 15:54:08 +02:00 committed by Commit Bot
parent ab55cc736f
commit 084207d968
5 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/wasm/wasm-serialization.cc
View File

@ -613,9 +613,10 @@ MaybeHandle<WasmModuleObject> DeserializeNativeModule(
ModuleWireBytes wire_bytes(wire_bytes_vec);
// TODO(titzer): module features should be part of the serialization format.
WasmFeatures enabled_features = WasmFeaturesFromIsolate(isolate);
ModuleResult decode_result = DecodeWasmModule(
enabled_features, wire_bytes.start(), wire_bytes.end(), false,
i::wasm::kWasmOrigin, isolate->counters(), isolate->allocator());
ModuleResult decode_result =
DecodeWasmModule(enabled_features, wire_bytes.start(), wire_bytes.end(),
false, i::wasm::kWasmOrigin, isolate->counters(),
isolate->wasm_engine()->allocator());
if (decode_result.failed()) return {};
CHECK_NOT_NULL(decode_result.value());
WasmModule* module = decode_result.value().get();

2
test/cctest/wasm/test-streaming-compilation.cc
View File

@ -264,7 +264,7 @@ size_t GetFunctionOffset(i::Isolate* isolate, const uint8_t* buffer,
size_t size, size_t index) {
ModuleResult result = DecodeWasmModule(
kAllWasmFeatures, buffer, buffer + size, false, ModuleOrigin::kWasmOrigin,
isolate->counters(), isolate->allocator());
isolate->counters(), isolate->wasm_engine()->allocator());
CHECK(result.ok());
const WasmFunction* func = &result.value()->functions[1];
return func->code.offset();

2
test/common/wasm/wasm-module-runner.cc
View File

@ -46,7 +46,7 @@ std::shared_ptr<WasmModule> DecodeWasmModuleForTesting(
auto enabled_features = WasmFeaturesFromIsolate(isolate);
ModuleResult decoding_result = DecodeWasmModule(
enabled_features, module_start, module_end, verify_functions, origin,
isolate->counters(), isolate->allocator());
isolate->counters(), isolate->wasm_engine()->allocator());
if (decoding_result.failed()) {
// Module verification failed. throw.

3
test/fuzzer/wasm-fuzzer-common.cc
View File

@ -116,7 +116,8 @@ void GenerateTestCase(Isolate* isolate, ModuleWireBytes wire_bytes,
auto enabled_features = i::wasm::WasmFeaturesFromIsolate(isolate);
ModuleResult module_res = DecodeWasmModule(
enabled_features, wire_bytes.start(), wire_bytes.end(), kVerifyFunctions,
ModuleOrigin::kWasmOrigin, isolate->counters(), isolate->allocator());
ModuleOrigin::kWasmOrigin, isolate->counters(),
isolate->wasm_engine()->allocator());
CHECK(module_res.ok());
WasmModule* module = module_res.value().get();
CHECK_NOT_NULL(module);

4
test/unittests/wasm/module-decoder-unittest.cc
View File

@ -186,7 +186,7 @@ class WasmModuleVerifyTest : public TestWithIsolateAndZone {
}
ModuleResult result = DecodeWasmModule(
enabled_features_, temp, temp + total, false, kWasmOrigin,
isolate()->counters(), isolate()->allocator());
isolate()->counters(), isolate()->wasm_engine()->allocator());
delete[] temp;
return result;
}
@ -194,7 +194,7 @@ class WasmModuleVerifyTest : public TestWithIsolateAndZone {
const byte* module_end) {
return DecodeWasmModule(enabled_features_, module_start, module_end, false,
kWasmOrigin, isolate()->counters(),
isolate()->allocator());
isolate()->wasm_engine()->allocator());
}
};