github/electron
1
1
Fork 0
mirror of https://github.com/electron/electron.git synced 2026-04-10 03:01:51 -04:00
Code Issues Packages Projects Releases Wiki Activity

chore: cherry-pick 1 change from Release-2-M122 (#41520)

Browse Source
This commit is contained in:
Pedro Pontes
2024-03-07 10:09:49 -08:00
committed by GitHub
parent 085363db07
commit 82b648e491
2 changed files with 38 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
patches/v8/.patches
View File

@@ -2,3 +2,4 @@ build_gn.patch
do_not_export_private_v8_symbols_on_windows.patch
fix_build_deprecated_attribute_for_older_msvc_versions.patch
chore_allow_customizing_microtask_policy_per_context.patch
merged_wasm_add_bounds_check_in_tier-up_of_wasm-to-js_wrapper.patch

37
patches/v8/merged_wasm_add_bounds_check_in_tier-up_of_wasm-to-js_wrapper.patch Normal file
View File

@@ -0,0 +1,37 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Andreas Haas <ahaas@chromium.org>
Date: Tue, 20 Feb 2024 16:27:22 +0100
Subject: Merged: [wasm] Add bounds check in tier-up of wasm-to-js wrapper
The entry index in the WasmApiFunctionRef was used to look for the given
WasmApiFunctionRef in the indirect function tables, but it was not
considered that the indirect function tables can have different lengths.
R=clemensb@chromium.org
Bug: 325893559
(cherry picked from commit 7330f46163e8a2c10a3d40ecbf554656f0ac55e8)
Change-Id: I52355890e21490c75566216985680c64e0b0db75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5323850
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/branch-heads/12.2@{#38}
Cr-Branched-From: 6eb5a9616aa6f8c705217aeb7c7ab8c037a2f676-refs/heads/12.2.281@{#1}
Cr-Branched-From: 44cf56d850167c6988522f8981730462abc04bcc-refs/heads/main@{#91934}
diff --git a/src/runtime/runtime-wasm.cc b/src/runtime/runtime-wasm.cc
index 5f711bc606633bd916356f0eca5799ce63760dbd..1077e6bb3ec359ef540987d030e244f1789aa14d 100644
--- a/src/runtime/runtime-wasm.cc
+++ b/src/runtime/runtime-wasm.cc
@@ -602,7 +602,8 @@ RUNTIME_FUNCTION(Runtime_TierUpWasmToJSWrapper) {
for (int table_index = 0; table_index < table_count; ++table_index) {
Handle<WasmIndirectFunctionTable> table =
instance->GetIndirectFunctionTable(isolate, table_index);
- if (table->refs()->get(entry_index) == *ref) {
+ if (entry_index < table->refs()->length() &&
+ table->refs()->get(entry_index) == *ref) {
table->targets()
->set<ExternalPointerTag::kWasmIndirectFunctionTargetTag>(
entry_index, isolate, wasm_code->instruction_start());