-rw-r--r-- | src/wasm-interpreter.h | 9 | ||||
-rw-r--r-- | test/lit/exec/memory64.wast | 12 |
2 files changed, 19 insertions, 2 deletions
diff --git a/src/wasm-interpreter.h b/src/wasm-interpreter.h
index f3471cfa8..81531e27c 100644
--- a/src/wasm-interpreter.h
+++ b/src/wasm-interpreter.h
@@ -3836,10 +3836,15 @@ public:
 auto fail = Literal::makeFromInt64(-1, memory->addressType);
 Flow ret = Literal::makeFromInt64(memorySize, addressType);
 uint64_t delta = flow.getSingleValue().getUnsigned();
- if (delta > uint32_t(-1) / Memory::kPageSize && addressType == Type::i32) {
+ uint64_t maxAddr = addressType == Type::i32
+ ? std::numeric_limits<uint32_t>::max()
+ : std::numeric_limits<uint64_t>::max();
+ if (delta > maxAddr / Memory::kPageSize) {
+ // Impossible to grow this much.
 return fail;
 }
- if (memorySize >= uint32_t(-1) - delta && addressType == Type::i32) {
+ if (memorySize >= maxAddr - delta) {
+ // Overflow.
 return fail;
 }
 auto newSize = memorySize + delta;
diff --git a/test/lit/exec/memory64.wast b/test/lit/exec/memory64.wast
index 273f2679a..0d28e719f 100644
--- a/test/lit/exec/memory64.wast
+++ b/test/lit/exec/memory64.wast
@@ -28,6 +28,14 @@
 (i32.const 10)
 )
 )
+
+ ;; CHECK: [fuzz-exec] calling memory.grow.fail
+ ;; CHECK-NEXT: [fuzz-exec] note result: memory.grow.fail => -1
+ (func $memory.grow.fail (export "memory.grow.fail") (result i64)
+ (memory.grow
+ (i64.const -1)
+ )
+ )
 )
 ;; CHECK: [fuzz-exec] calling memory.init.trap
@@ -35,5 +43,9 @@
 ;; CHECK: [fuzz-exec] calling memory.init.trap2
 ;; CHECK-NEXT: [trap out of bounds segment access in memory.init]
+
+;; CHECK: [fuzz-exec] calling memory.grow.fail
+;; CHECK-NEXT: [fuzz-exec] note result: memory.grow.fail => -1
+;; CHECK-NEXT: [fuzz-exec] comparing memory.grow.fail
 ;; CHECK-NEXT: [fuzz-exec] comparing memory.init.trap
 ;; CHECK-NEXT: [fuzz-exec] comparing memory.init.trap2 |
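Review bot: The second guard, `if (memorySize >= maxAddr - delta)`, compares page counts against `maxAddr`, which is a byte-address limit, so it only stops `memorySize + delta` from wrapping as an integer and does not bound the resulting size in bytes. With a 64-bit address type the first check lets `delta` reach `maxAddr / Memory::kPageSize`, so `newSize` can still exceed that quotient, and any later `newSize * Memory::kPageSize` would wrap unless a check outside this hunk (for example against the memory's declared maximum) rejects it first; the function continues past `auto newSize = memorySize + delta;`, so that cannot be confirmed from here. I would at least record the units at the guard, e.g. `// memorySize and delta are page counts; this only guards the addition below, not the size in bytes.`, and bound the byte size at the point where it is computed.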