[wasm] Limit module size in streaming decoder

Limit the allowed module size in the streaming decoder to 256kiB to avoid OOMs on systems that are very memory constained (32-bit ASan builds). Drive-by: Skip linting wasm fuzzer input files, as those are binary files. R=ahaas@chromium.org Bug: chromium:1334577, chromium:1337558 Change-Id: Ie5599088fd25c0bc7c8f9f1a953d31fe61a21844 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3700073 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#81602}
2022-07-08 10:36:18 +02:00 · 2022-07-08 10:36:18 +02:00 · 5078eea1ce
commit 5078eea1ce
parent 562e21866c
3 changed files with 13 additions and 6 deletions
--- a/PRESUBMIT.py
+++ b/PRESUBMIT.py
@ -486,14 +486,18 @@ def _CheckNoexceptAnnotations(input_api, output_api):
  """

  def FilterFile(affected_file):
-    return input_api.FilterSourceFile(
-        affected_file,
-        files_to_check=(r'src[\\\/].*', r'test[\\\/].*'),
+    files_to_skip = _EXCLUDED_PATHS + (
        # Skip api.cc since we cannot easily add the 'noexcept' annotation to
        # public methods.
+        r'src[\\\/]api[\\\/]api\.cc',
        # Skip src/bigint/ because it's meant to be V8-independent.
-        files_to_skip=(r'src[\\\/]api[\\\/]api\.cc',
-                       r'src[\\\/]bigint[\\\/].*'))
+        r'src[\\\/]bigint[\\\/].*',
+    )
+    return input_api.FilterSourceFile(
+        affected_file,
+        files_to_check=(r'src[\\\/].*\.cc', r'src[\\\/].*\.h',
+                        r'test[\\\/].*\.cc', r'test[\\\/].*\.h'),
+        files_to_skip=files_to_skip)

  # matches any class name.
  class_name = r'\b([A-Z][A-Za-z0-9_:]*)(?:::\1)?'
--- a/test/fuzzer/wasm-streaming.cc
+++ b/test/fuzzer/wasm-streaming.cc
@ -43,7 +43,7 @@ struct CompilationResult {

 class TestResolver : public CompilationResultResolver {
 public:
-  TestResolver(i::Isolate* isolate) : isolate_(isolate) {}
+  explicit TestResolver(i::Isolate* isolate) : isolate_(isolate) {}

  void OnCompilationSucceeded(i::Handle<i::WasmModuleObject> module) override {
    done_ = true;
@ -159,6 +159,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  // the flag by itself.
  fuzzer::OneTimeEnableStagedWasmFeatures(isolate);

+  // Limit the maximum module size to avoid OOM.
+  FLAG_wasm_max_module_size = 256 * KB;
+
  WasmFeatures enabled_features = i::wasm::WasmFeatures::FromIsolate(i_isolate);

  base::Vector<const uint8_t> data_vec{data, size - 1};
--- a/test/fuzzer/wasm_streaming/regress-1334577
+++ b/test/fuzzer/wasm_streaming/regress-1334577