AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
6071c6d8d6
v8/test/mjsunit/asm/regress-1013920.js
Ulan Degenbaev 9de61eb477 [asmjs] Disallow AsmJs instantiation from a SharedArrayBuffer. 
AsmJs does not support SharedArrayBuffers. This CL adds a check in
instantiation and reports a proper error.

Bug: chromium:1013920
Change-Id: Id7159f23ddcc2bde139c4c97bdb67ef3dc7f0e22
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1862563
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64291}
2019-10-15 12:45:29 +00:00

18 lines
448 B
JavaScript
Raw Blame History

// Copyright 2019 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
function asm(stdlib, foreign, heap) {
"use asm";
var heap32 = new stdlib.Uint32Array(heap);
function f() { return 0; }
return {f : f};
}
var heap = Reflect.construct(
SharedArrayBuffer,
[1024 * 1024],
ArrayBuffer.prototype.constructor);
asm(this, {}, heap);
Reference in New Issue View Git Blame Copy Permalink