Diffstat (limited to 'src')
-rw-r--r-- | src/wasm-interpreter.h | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/src/wasm-interpreter.h b/src/wasm-interpreter.h index b622087c8..059f2d950 100644 --- a/src/wasm-interpreter.h +++ b/src/wasm-interpreter.h @@ -1620,7 +1620,7 @@ public: // vector that takes around 1-2GB of memory then we are likely to hit memory // limits on 32-bit machines, and in particular on wasm32 VMs that do not // have 4GB support, so give up there. - static const Index ArrayLimit = (1 << 30) / sizeof(Literal); + static const Index DataLimit = (1 << 30) / sizeof(Literal); Flow visitArrayNew(ArrayNew* curr) { NOTE_ENTER("ArrayNew"); @@ -1645,7 +1645,7 @@ public: auto heapType = curr->type.getHeapType(); const auto& element = heapType.getArray().element; Index num = size.getSingleValue().geti32(); - if (num >= ArrayLimit) { + if (num >= DataLimit) { hostLimit("allocation failure"); } Literals data(num); @@ -1668,7 +1668,7 @@ public: Flow visitArrayNewFixed(ArrayNewFixed* curr) { NOTE_ENTER("ArrayNewFixed"); Index num = curr->values.size(); - if (num >= ArrayLimit) { + if (num >= DataLimit) { hostLimit("allocation failure"); } if (curr->type == Type::unreachable) { @@ -1953,6 +1953,11 @@ public: trap("null ref"); } + auto totalSize = leftData->values.size() + rightData->values.size(); + if (totalSize >= DataLimit) { + hostLimit("allocation failure"); + } + Literals contents; contents.reserve(leftData->values.size() + rightData->values.size()); for (Literal& l : leftData->values) { |
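Review bot: In the last hunk (`@@ -1953,6 +1953,11 @@`) the new guard computes `totalSize`, but the `contents.reserve(...)` call just below it recomputes the same sum instead of using the checked value. Changing it to `contents.reserve(totalSize);` makes the size that was bounds-checked and the size that is allocated the same expression, so a later edit cannot change one without the other. The addition is done in `size_t`, so on the 32-bit hosts that the comment above `DataLimit` describes, it is only safe from wrapping if every path that builds these `values` vectors is itself capped at `DataLimit`. That holds for the two array constructors touched in this diff, but other producers are not visible here and should be confirmed. The enclosing function starts and ends outside the hunk.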