From 399cb3df1e2e053fc601ed77744d41fe2378e54c Mon Sep 17 00:00:00 2001
From: Alon Zakai
Date: Fri, 9 Oct 2020 16:58:18 -0700
Subject: Asyncify fuzzing harness fix for growth (#3205)

Fuzzing Asyncify on data with a memory growth showed that the harness did not handle a growth. When growth happens we must recreate the view. For simplicity, always refresh, in a location that dominates all the uses.
---
 scripts/fuzz_shell.js | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'scripts/fuzz_shell.js')

diff --git a/scripts/fuzz_shell.js b/scripts/fuzz_shell.js
index 5a652a096..d55007b18 100644
--- a/scripts/fuzz_shell.js
+++ b/scripts/fuzz_shell.js
@@ -55,6 +55,7 @@ var Asyncify = {
       if (typeof imports[module][i] === 'function') {
         (function(module, i) {
           ret[module][i] = function() {
+            refreshView();
             if (!Asyncify.sleeping) {
               // Sleep if asyncify support is present (which also requires
               // that the memory be exported), and at a certain probability.
@@ -179,8 +180,14 @@ var instance = new WebAssembly.Instance(new WebAssembly.Module(binary), imports)
 // Handle the exports.
 var exports = instance.exports;
 exports = Asyncify.instrumentExports(exports);
-if (exports.memory) {
-  var view = new Int32Array(exports.memory.buffer);
+
+var view;
+
+// Recreate the view. This is important both initially and after a growth.
+function refreshView() {
+  if (exports.memory) {
+    view = new Int32Array(exports.memory.buffer);
+  }
 }
 
 // Run the wasm.
--
cgit v1.2.3
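Review bot: The `refreshView()` call added at the top of the import wrapper in the first hunk can run before `exports` is assigned, because an imported function is callable from a start function while `new WebAssembly.Instance(...)` (visible in the second hunk's header, ahead of `var exports`) is still executing; at that point the hoisted `var exports` is still `undefined`, so `exports.memory` inside the new `refreshView` throws a TypeError where the old code could not. Guarding the definition, `if (exports && exports.memory) {`, lets the first post-instantiation import call create the view instead. Separately, `var view;` now starts out undefined and neither hunk calls `refreshView()` at top level; if anything after `// Run the wasm.` reads `view` before the first imported function is called it sees `undefined`, which a single `refreshView();` placed right after the function definition would avoid — the rest of the file is outside the hunk, so I cannot confirm whether such a read exists.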