Mercurial > mozreview > gecko / changeset / ea7ab7f323309545f9952f5042ab20ef4edc554d
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1363431: wasm: Check for maximum br_table size; r?luke draft
authorBenjamin Bouvier <benj@benj.me>
Tue, 09 May 2017 18:33:40 +0200
changeset 574964 ea7ab7f323309545f9952f5042ab20ef4edc554d
parent 574963 aa210d7d1b43299805a03333f793aa147bf89287
child 627746 2cce54fba8b9bc811062d71702d7144607d44d21
push id57867
push userbbouvier@mozilla.com
push dateTue, 09 May 2017 16:33:57 +0000
reviewersluke
bugs1363431
milestone55.0a1
Bug 1363431: wasm: Check for maximum br_table size; r?luke MozReview-Commit-ID: 2Q2pWi5NSn7
js/src/wasm/WasmBinaryIterator.h file | annotate | diff | comparison | revisions 
--- a/js/src/wasm/WasmBinaryIterator.h
+++ b/js/src/wasm/WasmBinaryIterator.h
@@ -1076,16 +1076,19 @@ OpIter<Policy>::readBrTable(Uint32Vector
                             ExprType* branchValueType, Value* branchValue, Value* index)
 {
     MOZ_ASSERT(Classify(op_) == OpKind::BrTable);
 
     uint32_t tableLength;
     if (!readVarU32(&tableLength))
         return fail("unable to read br_table table length");
 
+    if (tableLength > MaxBrTableElems)
+        return fail("br_table too big");
+
     if (!popWithType(ValType::I32, index))
         return false;
 
     if (!depths->resize(tableLength))
         return false;
 
     *branchValueType = ExprType::Limit;
gecko
Deployed from 4e825768105f at 2024-04-08T16:23:58Z.