diff options
| author | Alon Zakai <azakai@google.com> | 2020-10-09 16:58:18 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-10-09 16:58:18 -0700 |
| commit | 399cb3df1e2e053fc601ed77744d41fe2378e54c (patch) | |
| tree | 59dfc0bd670532bdb8116e69c437481022e9465a /scripts | |
| parent | 7f5bb7ab4c4d44316dc191f17a3cbdf7fb2e6d31 (diff) | |
| download | binaryen-399cb3df1e2e053fc601ed77744d41fe2378e54c.tar.gz binaryen-399cb3df1e2e053fc601ed77744d41fe2378e54c.tar.bz2 binaryen-399cb3df1e2e053fc601ed77744d41fe2378e54c.zip | |
Asyncify fuzzing harness fix for growth (#3205)
Fuzzing Asyncify on data with a memory growth showed that the harness
did not handle a growth. When growth happens we must recreate the view.
For simplicity, always refresh, in a location that dominates all the uses.
Diffstat (limited to 'scripts')
| -rw-r--r-- | scripts/fuzz_shell.js | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/scripts/fuzz_shell.js b/scripts/fuzz_shell.js index 5a652a096..d55007b18 100644 --- a/scripts/fuzz_shell.js +++ b/scripts/fuzz_shell.js @@ -55,6 +55,7 @@ var Asyncify = { if (typeof imports[module][i] === 'function') { (function(module, i) { ret[module][i] = function() { + refreshView(); if (!Asyncify.sleeping) { // Sleep if asyncify support is present (which also requires // that the memory be exported), and at a certain probability. @@ -179,8 +180,14 @@ var instance = new WebAssembly.Instance(new WebAssembly.Module(binary), imports) // Handle the exports. var exports = instance.exports; exports = Asyncify.instrumentExports(exports); -if (exports.memory) { - var view = new Int32Array(exports.memory.buffer); + +var view; + +// Recreate the view. This is important both initially and after a growth. +function refreshView() { + if (exports.memory) { + view = new Int32Array(exports.memory.buffer); + } } // Run the wasm. |