AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
4e6aa9767a
v8/test/mjsunit/regress/wasm/regress-1215808.js
Clemens Backes 15e489574b [wasm] Fix integer overflow on memory growing on 32-bit 
When growing a memory without a maximum, we should still check against
the spec'ed limit, to avoid an overflow when computing the new number of
pages.

R=ahaas@chromium.org

Bug: chromium:1215808
Change-Id: I476b954268277e7dce1106a9b8c3c713b0d1a560
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944433
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74980}
2021-06-07 13:16:24 +00:00

11 lines
299 B
JavaScript
Raw Blame History

// Copyright 2021 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
const k4GB = 4 * 1024 * 1024 * 1024;
let memory = new WebAssembly.Memory({initial: 1});
try {
memory.grow(k4GB - 1);
} catch {}
Reference in New Issue View Git Blame Copy Permalink