[wasm] Stop correctness fuzzing if growing memory fails

We have similar logic in place when allocating wasm memory fails. For growing, we also need to hard-abort the program, because it would cause observable differences in program behaviour otherwise. R=ahaas@chromium.org, machenbach@chromium.org Bug: chromium:1063951 Change-Id: I98f3b5364100900fce0e6553a347155a39923ca6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2116036 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#66842}
2020-03-24 09:21:23 +01:00 · 2020-03-24 09:21:23 +01:00 · 48c38718e8
commit 48c38718e8
parent 13925319af
1 changed files with 7 additions and 1 deletions
--- a/src/wasm/wasm-objects.cc
+++ b/src/wasm/wasm-objects.cc
@ -932,7 +932,13 @@ int32_t WasmMemoryObject::Grow(Isolate* isolate,
  // Try allocating a new backing store and copying.
  std::unique_ptr<BackingStore> new_backing_store =
      backing_store->CopyWasmMemory(isolate, new_pages);
-  if (!new_backing_store) return -1;
+  if (!new_backing_store) {
+    // Crash on out-of-memory if the correctness fuzzer is running.
+    if (FLAG_correctness_fuzzer_suppressions) {
+      FATAL("could not grow wasm memory");
+    }
+    return -1;
+  }

  // Detach old and create a new one with the new backing store.
  old_buffer->Detach(true);