43accc8b7f
This reverts commit 03d5a7ba9b.
Reason for revert: Needs rebaseline:
https://ci.chromium.org/p/v8/builders/ci/V8%20Blink%20Linux/3243
Original change's description:
> [wasm] The name of a custom section can cause a validation error
>
> The WebAssembly spec defines that the name of a custom section can cause
> a validation error. The streaming decoder, however, used a separate
> Decoder object to decode the name, and thereby avoided a validation
> error. With this CL the streaming decoder uses the main decoder to
> decode the name of the custom section.
>
> In addition this CL removes the test mjsunit/regress/wasm/regress-789952.
> This test defined an invalid WebAssembly module and expected it to
> compile. As it is a regression test, it makes no sense to fix the test.
> The module is invalid because it defines the length of the custom section
> to be '0', so there are no bytes in the custom section for its name.
>
> R=clemensb@chromium.org
> CC=thibaudm@chromium.org
>
> Bug: v8:10126
> Change-Id: I8cfc77c9a5916570d5362d5922e0179a29774da8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2041446
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66348}
TBR=ahaas@chromium.org,clemensb@chromium.org
Change-Id: I5a7ea265ce47b9e685a5056bb83db6dc58f774a9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10126
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2065168
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66356}
41 lines
1.1 KiB
JavaScript
41 lines
1.1 KiB
JavaScript
// Copyright 2017 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
let module_size = 19;
|
|
let string_len = 0x00fffff0 - module_size;
|
|
|
|
print("Allocating backing store: " + (string_len + module_size));
|
|
let backing = new ArrayBuffer(string_len + module_size);
|
|
|
|
print("Allocating typed array buffer");
|
|
let buffer = new Uint8Array(backing);
|
|
|
|
print("Filling...");
|
|
buffer.fill(0x41);
|
|
|
|
print("Setting up array buffer");
|
|
// Magic
|
|
buffer.set([0x00, 0x61, 0x73, 0x6D], 0);
|
|
// Version
|
|
buffer.set([0x01, 0x00, 0x00, 0x00], 4);
|
|
// kUnknownSection (0)
|
|
buffer.set([0], 8);
|
|
// Section length
|
|
buffer.set([0x80, 0x80, 0x80, 0x80, 0x00], 9);
|
|
// Name length
|
|
let x = string_len + 1;
|
|
let b1 = ((x >> 0) & 0x7F) | 0x80;
|
|
let b2 = ((x >> 7) & 0x7F) | 0x80;
|
|
let b3 = ((x >> 14) & 0x7F) | 0x80;
|
|
let b4 = ((x >> 21) & 0x7F);
|
|
//buffer.set([0xDE, 0xFF, 0xFF, 0x7F], 14);
|
|
buffer.set([b1, b2, b3, b4], 14);
|
|
|
|
print("Parsing module...");
|
|
let m = new WebAssembly.Module(buffer);
|
|
|
|
print("Triggering!");
|
|
let c = WebAssembly.Module.customSections(m, "A".repeat(string_len + 1));
|
|
assertEquals(0, c.length);
|