From 420a626554ac595d6be68a590b8ad32b42db8ef8 Mon Sep 17 00:00:00 2001
From: Diego <96022404+dzfrias@users.noreply.github.com>
Date: Wed, 10 Jul 2024 15:05:20 -0700
Subject: [PATCH] LibWasm: Make `memory.grow` grow the memory's type

After a `memory.grow`, the type of the memory instance should be updated
so potential memory imports on the boundary are unlinkable.
---
 .../LibWasm/AbstractMachine/AbstractMachine.h | 17 +++++++++++++++--
 .../Libraries/LibWeb/WebAssembly/Memory.cpp   |  2 +-
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/Userland/Libraries/LibWasm/AbstractMachine/AbstractMachine.h b/Userland/Libraries/LibWasm/AbstractMachine/AbstractMachine.h
index ed702a9d585..a485c9f737e 100644
--- a/Userland/Libraries/LibWasm/AbstractMachine/AbstractMachine.h
+++ b/Userland/Libraries/LibWasm/AbstractMachine/AbstractMachine.h
@@ -410,7 +410,7 @@ public:
     {
         MemoryInstance instance { type };
-        if (!instance.grow(type.limits().min() * Constants::page_size))
+        if (!instance.grow(type.limits().min() * Constants::page_size, GrowType::No))
             return Error::from_string_literal("Failed to grow to requested size");
 
         return { move(instance) };
 
@@ -426,7 +426,12 @@ public:
         Yes,
     };
 
-    bool grow(size_t size_to_grow, InhibitGrowCallback inhibit_callback = InhibitGrowCallback::No)
+    enum class GrowType {
+        No,
+        Yes,
+    };
+
+    bool grow(size_t size_to_grow, GrowType grow_type = GrowType::Yes, InhibitGrowCallback inhibit_callback = InhibitGrowCallback::No)
     {
         if (size_to_grow == 0)
             return true;
@@ -450,6 +455,14 @@ public:
         if (inhibit_callback == InhibitGrowCallback::No && successful_grow_hook)
             successful_grow_hook();
 
+        if (grow_type == GrowType::Yes) {
+            // Grow the memory's type. We do this when encountering a `memory.grow`.
+            //
+            // See relevant spec link:
+            // https://www.w3.org/TR/wasm-core-2/#growing-memories%E2%91%A0
+            m_type = MemoryType { Limits(m_type.limits().min() + size_to_grow / Constants::page_size, m_type.limits().max()) };
+        }
+
         return true;
     }
 
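Review bot: The new type update at the end of grow() computes the added pages with `size_to_grow / Constants::page_size`, which silently truncates when the byte count is not a whole number of pages and would leave m_type's min below the instance's actual size; the callers visible in this patch pass multiples of page_size, but grow() itself accepts raw bytes. A guard both documents and enforces that assumption: `VERIFY(size_to_grow % Constants::page_size == 0); // the type's min is counted in pages`. Separately, successful_grow_hook() is invoked before m_type is updated, so a hook that inspects the instance type observes the pre-grow limits; if no hook reads the type this is harmless, otherwise move the type update above the hook call. The earlier part of grow() (the check against the declared max) lies outside this hunk, so whether the summed min is guaranteed not to exceed max is not visible here.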
diff --git a/Userland/Libraries/LibWeb/WebAssembly/Memory.cpp b/Userland/Libraries/LibWeb/WebAssembly/Memory.cpp
index ce61cd0c53b..26842392b22 100644
--- a/Userland/Libraries/LibWeb/WebAssembly/Memory.cpp
+++ b/Userland/Libraries/LibWeb/WebAssembly/Memory.cpp
@@ -66,7 +66,7 @@ WebIDL::ExceptionOr Memory::grow(u32 delta)
         return vm.throw_completion("Could not find the memory instance to grow"sv);
 
     auto previous_size = memory->size() / Wasm::Constants::page_size;
-    if (!memory->grow(delta * Wasm::Constants::page_size, Wasm::MemoryInstance::InhibitGrowCallback::Yes))
+    if (!memory->grow(delta * Wasm::Constants::page_size, Wasm::MemoryInstance::GrowType::No, Wasm::MemoryInstance::InhibitGrowCallback::Yes))
         return vm.throw_completion("Memory.grow() grows past the stated limit of the memory instance"sv);
 
     TRY(reset_the_memory_buffer());
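Review bot: Passing `Wasm::MemoryInstance::GrowType::No` here means a grow driven through the JS `Memory.grow()` API enlarges the instance without updating its MemoryType, while the same growth driven by a wasm `memory.grow` now does update it, and the commit message does not say why the two paths should diverge. If this is deliberate (for instance because the JS-side object tracks its own limits), a one-line comment on the call should record it: `// GrowType::No: <reason the JS API leaves the instance type untouched>`; if it is not, the call should pass `Wasm::MemoryInstance::GrowType::Yes` so that an import of this memory elsewhere sees the grown minimum. Memory::grow()'s body continues past this hunk, and the `throw_completion<...>` template arguments appear to have been stripped by the rendering, so those lines are read as shown.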