e68728a262
The IsInBounds function is used in a few different places. When it is used for bounds checks on 32-bit platforms, using size_t for max_memory_size leads to incorrect out-of-bounds accesses, as size_t is not guaranteed to be 64-bit on all platforms. Use specific uint32_t, uint64_t methods for Wasm bounds checking instead of size_t. Bug: chromium:1080902 Change-Id: I0e21f0a310382c8ed0703c8302200d3352495c13 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2256858 Commit-Queue: Deepti Gandluri <gdeepti@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#68500}
// Copyright 2020 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --experimental-wasm-threads

// Regression test accompanying the fix for chromium:1080902 (Wasm bounds
// checks used size_t, which is only 32 bits wide on 32-bit platforms).
// The script asserts nothing about the loaded value: it passes when
// instantiation and the call to main() complete without throwing or crashing.

load("test/mjsunit/wasm/wasm-module-builder.js");

// Shared memory supplied to the instance: 1 page initially, at most 10 pages.
const sharedMemory = new WebAssembly.Memory({
  initial: 1,
  maximum: 10,
  shared: true,
});

const moduleBuilder = new WasmModuleBuilder();

// The import is declared with a maximum of 1 << 16 pages. At 64 KiB per wasm
// page that is 2^32 bytes, one more than a 32-bit size_t can represent.
// NOTE(review): presumably this declared maximum is what exercised the
// max_memory_size bounds-check error on 32-bit builds; confirm against the fix.
moduleBuilder.addImportedMemory("m", "imported_mem", 0, 1 << 16, "shared");

// Body of main: push address 0, then a 16-bit unsigned atomic load whose
// memarg immediates are alignment exponent 1 and offset 0.
const atomicLoadBody = [
  kExprI32Const, 0,
  kAtomicPrefix,
  kExprI32AtomicLoad16U, 1, 0,
];
moduleBuilder
  .addFunction("main", kSig_i_v)
  .addBody(atomicLoadBody)
  .exportAs("main");

const wasmModule = new WebAssembly.Module(moduleBuilder.toBuffer());
const importObject = { m: { imported_mem: sharedMemory } };
const wasmInstance = new WebAssembly.Instance(wasmModule, importObject);

// Run the atomic load; the in-bounds access at address 0 must not trap.
wasmInstance.exports.main();