js/src/asmjs/Wasm.cpp +15 −13 @@ -53,7 +53,7 @@ Fail(JSContext* cx, const char* str) } static bool Fail(JSContext* cx, Decoder& d, const char* str) Fail(JSContext* cx, const Decoder& d, const char* str) { uint32_t offset = d.currentOffset(); char offsetStr[sizeof "4294967295"]; @@ -83,7 +83,7 @@ class ValidatingPolicy : public ExprIterPolicy static const bool Validate = true; // Fail by printing a message, using the contains JSContext. bool fail(const char* str, Decoder& d) { bool fail(const char* str, const Decoder& d) { return Fail(cx_, d, str); } @@ -97,20 +97,17 @@ class FunctionDecoder const ModuleGenerator& mg_; ValidatingExprIter iter_; const ValTypeVector& locals_; const DeclaredSig& sig_; public: FunctionDecoder(JSContext* cx, const ModuleGenerator& mg, Decoder& d, uint32_t funcIndex, const ValTypeVector& locals) const ValTypeVector& locals) : mg_(mg), iter_(ValidatingPolicy(cx), d), locals_(locals), sig_(mg.funcSig(funcIndex)) locals_(locals) {} const ModuleGenerator& mg() const { return mg_; } ValidatingExprIter& iter() { return iter_; } const ValTypeVector& locals() const { return locals_; } const DeclaredSig& sig() const { return sig_; } bool checkI64Support() { if (!IsI64Implemented())
@@ -790,19 +787,23 @@ DecodeMemorySection(JSContext* cx, Decoder& d, ModuleGenerator& mg, MutableHandl if (!d.readVarU32(&initialSizePages)) return Fail(cx, d, "expected initial memory size"); CheckedInt<int32_t> initialSize = initialSizePages; CheckedInt<uint32_t> initialSize = initialSizePages; initialSize *= PageSize; if (!initialSize.isValid()) return Fail(cx, d, "initial memory size too big"); // ArrayBufferObject can't currently allocate more than INT32_MAX bytes. if (initialSize.value() > uint32_t(INT32_MAX)) return false; uint32_t maxSizePages; if (!d.readVarU32(&maxSizePages)) return Fail(cx, d, "expected initial memory size"); CheckedInt<int32_t> maxSize = maxSizePages; CheckedInt<uint32_t> maxSize = maxSizePages; maxSize *= PageSize; if (!maxSize.isValid()) return Fail(cx, d, "initial memory size too big"); return Fail(cx, d, "maximum memory size too big"); uint8_t exported; if (!d.readFixedU8(&exported)) @@ -932,7 +933,8 @@ DecodeFunctionBody(JSContext* cx, Decoder& d, ModuleGenerator& mg, uint32_t func return false; ValTypeVector locals; if (!locals.appendAll(mg.funcSig(funcIndex).args())) const DeclaredSig& sig = mg.funcSig(funcIndex); if (!locals.appendAll(sig.args())) return false; if (!DecodeLocalEntries(d, &locals)) @@ -943,7 +945,7 @@ DecodeFunctionBody(JSContext* cx, Decoder& d, ModuleGenerator& mg, uint32_t func return false; } FunctionDecoder f(cx, mg, d, funcIndex, locals); FunctionDecoder f(cx, mg, d, locals); if (!f.iter().readFunctionStart()) return false; @@ -953,7 +955,7 @@ DecodeFunctionBody(JSContext* cx, Decoder& d, ModuleGenerator& mg, uint32_t func return false; } if (!f.iter().readFunctionEnd(f.sig().ret(), nullptr)) if (!f.iter().readFunctionEnd(sig.ret(), nullptr)) return false; if (d.currentPosition() != bodyEnd) js/src/asmjs/WasmBinary.h +2 −2
@@ -664,9 +664,9 @@ class Decoder return cur_ == end_; } uintptr_t bytesRemain() const { size_t bytesRemain() const { MOZ_ASSERT(end_ >= cur_); return uintptr_t(end_ - cur_); return size_t(end_ - cur_); } const uint8_t* currentPosition() const { return cur_; js/src/asmjs/WasmBinaryIterator.h +5 −5 @@ -205,7 +205,7 @@ struct ExprIterPolicy static const bool Output = false; // This function is called to report failures. static bool fail(const char*, Decoder&) { static bool fail(const char*, const Decoder&) { MOZ_CRASH("unexpected validation failure"); return false; } @@ -666,7 +666,7 @@ ExprIter<Policy>::readReturn(Value* value) uint32_t arity; if (!readVarU32(&arity)) return fail("failed to read return arity"); if (arity > 1) if (Validate && arity > 1) return fail("return arity too big"); TypeAndValue<Value> tv; @@ -880,7 +880,7 @@ ExprIter<Policy>::readBr(uint32_t* relativeDepth, ExprType* type, Value* value) uint32_t arity; if (!readVarU32(&arity)) return fail("unable to read br arity"); if (arity > 1) if (Validate && arity > 1) return fail("br arity too big"); uint32_t validateRelativeDepth; @@ -919,7 +919,7 @@ ExprIter<Policy>::readBrIf(uint32_t* relativeDepth, ExprType* type, Value* value uint32_t arity; if (!readVarU32(&arity)) return fail("unable to read br_if arity"); if (arity > 1) if (Validate && arity > 1) return fail("br_if arity too big"); uint32_t validateRelativeDepth; @@ -964,7 +964,7 @@ ExprIter<Policy>::readBrTable(uint32_t* tableLength, ExprType* type, uint32_t arity; if (!readVarU32(&arity)) return fail("unable to read br_table arity"); if (arity > 1) if (Validate && arity > 1) return fail("br_table arity too big"); TypeAndValue<Value> tv; js/src/jit-test/tests/wasm/basic-memory.js +3 −0
@@ -163,3 +163,6 @@ assertErrorMessage(() => wasmEvalText('(module (memory 1) (func (f32.store offse assertErrorMessage(() => wasmEvalText('(module (memory 1) (func (i32.store offset=0 (i32.const 0) (f32.const 0))))'), TypeError, mismatchError("f32", "i32")); assertErrorMessage(() => wasmEvalText('(module (memory 1) (func (i32.store offset=0 (i32.const 0) (f64.const 0))))'), TypeError, mismatchError("f64", "i32")); wasmEvalText('(module (memory 0 65535))') assertErrorMessage(() => wasmEvalText('(module (memory 0 65536))'), TypeError, /maximum memory size too big/); js/src/jit-test/tests/wasm/basic.js +1 −2 @@ -147,11 +147,10 @@ wasmEvalText('(module (import $foo "a" "" (result f64)))', {a: ()=> {}}); wasmEvalText('(module (memory 0))'); wasmEvalText('(module (memory 1))'); assertErrorMessage(() => wasmEvalText('(module (memory 65536))'), TypeError, /initial memory size too big/); assertErrorMessage(() => wasmEvalText('(module (memory 32768))'), TypeError, /initial memory size too big/); // May OOM, but must not crash: try { wasmEvalText('(module (memory 32767))'); wasmEvalText('(module (memory 65535))'); } catch (e) { print(e); assertEq(String(e).indexOf("out of memory") != -1, true);
js/src/asmjs/Wasm.cpp +15 −13 @@ -53,7 +53,7 @@ Fail(JSContext* cx, const char* str) } static bool Fail(JSContext* cx, Decoder& d, const char* str) Fail(JSContext* cx, const Decoder& d, const char* str) { uint32_t offset = d.currentOffset(); char offsetStr[sizeof "4294967295"]; @@ -83,7 +83,7 @@ class ValidatingPolicy : public ExprIterPolicy static const bool Validate = true; // Fail by printing a message, using the contains JSContext. bool fail(const char* str, Decoder& d) { bool fail(const char* str, const Decoder& d) { return Fail(cx_, d, str); } @@ -97,20 +97,17 @@ class FunctionDecoder const ModuleGenerator& mg_; ValidatingExprIter iter_; const ValTypeVector& locals_; const DeclaredSig& sig_; public: FunctionDecoder(JSContext* cx, const ModuleGenerator& mg, Decoder& d, uint32_t funcIndex, const ValTypeVector& locals) const ValTypeVector& locals) : mg_(mg), iter_(ValidatingPolicy(cx), d), locals_(locals), sig_(mg.funcSig(funcIndex)) locals_(locals) {} const ModuleGenerator& mg() const { return mg_; } ValidatingExprIter& iter() { return iter_; } const ValTypeVector& locals() const { return locals_; } const DeclaredSig& sig() const { return sig_; } bool checkI64Support() { if (!IsI64Implemented())
@@ -790,19 +787,23 @@ DecodeMemorySection(JSContext* cx, Decoder& d, ModuleGenerator& mg, MutableHandl if (!d.readVarU32(&initialSizePages)) return Fail(cx, d, "expected initial memory size"); CheckedInt<int32_t> initialSize = initialSizePages; CheckedInt<uint32_t> initialSize = initialSizePages; initialSize *= PageSize; if (!initialSize.isValid()) return Fail(cx, d, "initial memory size too big"); // ArrayBufferObject can't currently allocate more than INT32_MAX bytes. if (initialSize.value() > uint32_t(INT32_MAX)) return false; uint32_t maxSizePages; if (!d.readVarU32(&maxSizePages)) return Fail(cx, d, "expected initial memory size"); CheckedInt<int32_t> maxSize = maxSizePages; CheckedInt<uint32_t> maxSize = maxSizePages; maxSize *= PageSize; if (!maxSize.isValid()) return Fail(cx, d, "initial memory size too big"); return Fail(cx, d, "maximum memory size too big"); uint8_t exported; if (!d.readFixedU8(&exported)) @@ -932,7 +933,8 @@ DecodeFunctionBody(JSContext* cx, Decoder& d, ModuleGenerator& mg, uint32_t func return false; ValTypeVector locals; if (!locals.appendAll(mg.funcSig(funcIndex).args())) const DeclaredSig& sig = mg.funcSig(funcIndex); if (!locals.appendAll(sig.args())) return false; if (!DecodeLocalEntries(d, &locals)) @@ -943,7 +945,7 @@ DecodeFunctionBody(JSContext* cx, Decoder& d, ModuleGenerator& mg, uint32_t func return false; } FunctionDecoder f(cx, mg, d, funcIndex, locals); FunctionDecoder f(cx, mg, d, locals); if (!f.iter().readFunctionStart()) return false; @@ -953,7 +955,7 @@ DecodeFunctionBody(JSContext* cx, Decoder& d, ModuleGenerator& mg, uint32_t func return false; } if (!f.iter().readFunctionEnd(f.sig().ret(), nullptr)) if (!f.iter().readFunctionEnd(sig.ret(), nullptr)) return false; if (d.currentPosition() != bodyEnd)
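Review bot: In the DecodeMemorySection hunk, the new `if (initialSize.value() > uint32_t(INT32_MAX)) return false;` is the only rejection that returns without reporting anything, while every neighbouring failure goes through `Fail(cx, d, …)`. Unless a caller outside this hunk turns a bare `false` into an error, a module declaring 32768 to 65535 initial pages fails with no pending exception; the jit-test expects an "out of memory" error for that range, so `ReportOutOfMemory(cx); return false;` would make the intent explicit. The unchanged line after `readVarU32(&maxSizePages)` still reports "expected initial memory size" and should read `return Fail(cx, d, "expected maximum memory size");`. Nothing visible here bounds `maxSize` by INT32_MAX or compares it with `initialSize`; the function continues outside the hunk, so that may be handled later.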
js/src/asmjs/WasmBinary.h +2 −2 @@ -664,9 +664,9 @@ class Decoder return cur_ == end_; } uintptr_t bytesRemain() const { size_t bytesRemain() const { MOZ_ASSERT(end_ >= cur_); return uintptr_t(end_ - cur_); return size_t(end_ - cur_); } const uint8_t* currentPosition() const { return cur_;
js/src/asmjs/WasmBinaryIterator.h +5 −5 @@ -205,7 +205,7 @@ struct ExprIterPolicy static const bool Output = false; // This function is called to report failures. static bool fail(const char*, Decoder&) { static bool fail(const char*, const Decoder&) { MOZ_CRASH("unexpected validation failure"); return false; } @@ -666,7 +666,7 @@ ExprIter<Policy>::readReturn(Value* value) uint32_t arity; if (!readVarU32(&arity)) return fail("failed to read return arity"); if (arity > 1) if (Validate && arity > 1) return fail("return arity too big"); TypeAndValue<Value> tv; @@ -880,7 +880,7 @@ ExprIter<Policy>::readBr(uint32_t* relativeDepth, ExprType* type, Value* value) uint32_t arity; if (!readVarU32(&arity)) return fail("unable to read br arity"); if (arity > 1) if (Validate && arity > 1) return fail("br arity too big"); uint32_t validateRelativeDepth; @@ -919,7 +919,7 @@ ExprIter<Policy>::readBrIf(uint32_t* relativeDepth, ExprType* type, Value* value uint32_t arity; if (!readVarU32(&arity)) return fail("unable to read br_if arity"); if (arity > 1) if (Validate && arity > 1) return fail("br_if arity too big"); uint32_t validateRelativeDepth; @@ -964,7 +964,7 @@ ExprIter<Policy>::readBrTable(uint32_t* tableLength, ExprType* type, uint32_t arity; if (!readVarU32(&arity)) return fail("unable to read br_table arity"); if (arity > 1) if (Validate && arity > 1) return fail("br_table arity too big"); TypeAndValue<Value> tv;
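Review bot: With `if (Validate && arity > 1)` in readReturn, readBr, readBrIf and readBrTable, a non-validating iterator now accepts whatever arity it reads from the bytes. Before, the same input reached `fail()`, which for a policy that keeps the base `ExprIterPolicy::fail` is a `MOZ_CRASH`. That replaces a deterministic stop with reliance on the bytes having been validated earlier; what the code after each check does with `arity` lies outside these hunks. The invariant can stay visible at no release-build cost with `MOZ_ASSERT_IF(!Validate, arity <= 1);` after each check, and a comment on the policy such as `// Non-validating iterators must only be run over bytecode that already passed validation.`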
js/src/jit-test/tests/wasm/basic-memory.js +3 −0 @@ -163,3 +163,6 @@ assertErrorMessage(() => wasmEvalText('(module (memory 1) (func (f32.store offse assertErrorMessage(() => wasmEvalText('(module (memory 1) (func (i32.store offset=0 (i32.const 0) (f32.const 0))))'), TypeError, mismatchError("f32", "i32")); assertErrorMessage(() => wasmEvalText('(module (memory 1) (func (i32.store offset=0 (i32.const 0) (f64.const 0))))'), TypeError, mismatchError("f64", "i32")); wasmEvalText('(module (memory 0 65535))') assertErrorMessage(() => wasmEvalText('(module (memory 0 65536))'), TypeError, /maximum memory size too big/);
js/src/jit-test/tests/wasm/basic.js +1 −2 @@ -147,11 +147,10 @@ wasmEvalText('(module (import $foo "a" "" (result f64)))', {a: ()=> {}}); wasmEvalText('(module (memory 0))'); wasmEvalText('(module (memory 1))'); assertErrorMessage(() => wasmEvalText('(module (memory 65536))'), TypeError, /initial memory size too big/); assertErrorMessage(() => wasmEvalText('(module (memory 32768))'), TypeError, /initial memory size too big/); // May OOM, but must not crash: try { wasmEvalText('(module (memory 32767))'); wasmEvalText('(module (memory 65535))'); } catch (e) { print(e); assertEq(String(e).indexOf("out of memory") != -1, true);
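Review bot: The boundary this commit moves is no longer pinned by any assertion. The `(memory 32768)` check is gone, and the range that now passes the overflow test (32768 to 65535 initial pages) is exercised only by `wasmEvalText('(module (memory 65535))')` inside a try/catch that also passes when nothing is thrown. Adding the lower edge to the same block, `wasmEvalText('(module (memory 32768))');`, would show that the first size above INT32_MAX bytes behaves like the largest one. If the decoder is meant to reject a maximum smaller than the initial size, a case for that in basic-memory.js would cover the other new code path; the visible hunks do not show whether such a check exists.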