[wasm] Zero extend register containing i32 parameter in generic wrapper

We have to make sure that 32 bit negative values are zero extended. Related testcase: https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8869450761469925696/+/steps/Check_-_extra/0/logs/memory_trap/0 Bug: v8:10701 Change-Id: I69ae4189d37e5d31a81254ec72dd6e02fb442b4e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2412168 Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Eva Herencsárová <evih@google.com> Cr-Commit-Position: refs/heads/master@{#69914}
2020-09-15 14:40:16 +02:00 · 2020-09-15 14:40:16 +02:00 · 64610bda59
commit 64610bda59
parent a922ee7f99
1 changed files with 4 additions and 0 deletions
--- a/src/builtins/x64/builtins-x64.cc
+++ b/src/builtins/x64/builtins-x64.cc
@ -3509,6 +3509,8 @@ void Builtins::Generate_GenericJSToWasmWrapper(MacroAssembler* masm) {
  __ j(equal, &convert_param);
  // Change the paramfrom Smi to int32.
  __ SmiUntag(param);
+  // Zero extend.
+  __ movl(param, param);

  // -------------------------------------------
  // Param conversion done.
@ -3667,6 +3669,8 @@ void Builtins::Generate_GenericJSToWasmWrapper(MacroAssembler* masm) {
  __ bind(&kWasmI32_not_smi);
  __ Call(BUILTIN_CODE(masm->isolate(), WasmTaggedNonSmiToInt32),
          RelocInfo::CODE_TARGET);
+  // Param is the result of the builtin.
+  __ AssertZeroExtended(param);
  __ jmp(&restore_after_buitlin_call);

  __ bind(&kWasmI64);