[wasm] 32-bit platforms: lower kV8MaxWasmMemoryPages by 1

To make sure that Wasm memories don't exceed JSArrayBuffer size. This change shouldn't affect real-world modules, because finding enough contiguous address space to allocate that much memory is virtually impossible anyway. Fixed: chromium:1242339 Change-Id: I68873796b9afb798cb1a64e5e1acc495cf509159 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3328783 Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/main@{#78336}
2021-12-09 22:13:39 +01:00 · 2021-12-09 22:13:39 +01:00 · 6d7ed2e870
commit 6d7ed2e870
parent 2e96d32168
4 changed files with 6 additions and 2 deletions
--- a/src/builtins/typed-array-createtypedarray.tq
+++ b/src/builtins/typed-array-createtypedarray.tq
@ -292,7 +292,7 @@ transitioning macro ConstructByArrayBuffer(implicit context: Context)(
      // in the step 12 branch.
      newByteLength = bufferByteLength - offset;
      newLength = elementsInfo.CalculateLength(newByteLength)
-          otherwise IfInvalidOffset;
+          otherwise IfInvalidLength;

      // 12. Else,
    } else {
--- a/src/objects/js-array-buffer.cc
+++ b/src/objects/js-array-buffer.cc
@ -91,6 +91,7 @@ void JSArrayBuffer::Attach(std::shared_ptr<BackingStore> backing_store) {
    // invariant that their byte_length field is always 0.
    set_byte_length(0);
  } else {
+    CHECK_LE(backing_store->byte_length(), kMaxByteLength);
    set_byte_length(backing_store->byte_length());
  }
  set_max_byte_length(backing_store->max_byte_length());
--- a/src/wasm/wasm-engine.cc
+++ b/src/wasm/wasm-engine.cc
@ -1649,6 +1649,9 @@ WasmCodeManager* GetWasmCodeManager() {

 // {max_mem_pages} is declared in wasm-limits.h.
 uint32_t max_mem_pages() {
+  static_assert(
+      kV8MaxWasmMemoryPages * kWasmPageSize <= JSArrayBuffer::kMaxByteLength,
+      "Wasm memories must not be bigger than JSArrayBuffers");
  STATIC_ASSERT(kV8MaxWasmMemoryPages <= kMaxUInt32);
  return std::min(uint32_t{kV8MaxWasmMemoryPages}, FLAG_wasm_max_mem_pages);
 }
--- a/src/wasm/wasm-limits.h
+++ b/src/wasm/wasm-limits.h
@ -40,7 +40,7 @@ constexpr size_t kV8MaxWasmDataSegments = 100000;
 // Also, do not use this limit to validate declared memory, use
 // kSpecMaxMemoryPages for that.
 constexpr size_t kV8MaxWasmMemoryPages = kSystemPointerSize == 4
-                                             ? 32768   // = 2 GiB
+                                             ? 32767   // = 2 GiB
                                             : 65536;  // = 4 GiB
 constexpr size_t kV8MaxWasmStringSize = 100000;
 constexpr size_t kV8MaxWasmModuleSize = 1024 * 1024 * 1024;  // = 1 GiB