LibWasm: Make memory.grow grow the memory's type

After a `memory.grow`, the type of the memory instance should be updated so potential memory imports on the boundary are unlinkable.
Author: https://github.com/dzfrias Commit: 420a626554 Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/563 Reviewed-by: https://github.com/alimpfard ✅
2025-07-29 04:09:13 +00:00 · 2024-07-10 15:05:20 -07:00 · 2024-07-10 15:05:20 -07:00 · 420a626554 · 2024-07-17 02:21:14 +09:00
commit 420a626554
parent d07cf26894
2 changed files with 16 additions and 3 deletions
--- a/Userland/Libraries/LibWasm/AbstractMachine/AbstractMachine.h
+++ b/Userland/Libraries/LibWasm/AbstractMachine/AbstractMachine.h
@ -410,7 +410,7 @@ public:
    {
        MemoryInstance instance { type };

-        if (!instance.grow(type.limits().min() * Constants::page_size))
+        if (!instance.grow(type.limits().min() * Constants::page_size, GrowType::No))
            return Error::from_string_literal("Failed to grow to requested size");

        return { move(instance) };
@ -426,7 +426,12 @@ public:
        Yes,
    };

-    bool grow(size_t size_to_grow, InhibitGrowCallback inhibit_callback = InhibitGrowCallback::No)
+    enum class GrowType {
+        No,
+        Yes,
+    };
+
+    bool grow(size_t size_to_grow, GrowType grow_type = GrowType::Yes, InhibitGrowCallback inhibit_callback = InhibitGrowCallback::No)
    {
        if (size_to_grow == 0)
            return true;
@ -450,6 +455,14 @@ public:
        if (inhibit_callback == InhibitGrowCallback::No && successful_grow_hook)
            successful_grow_hook();

+        if (grow_type == GrowType::Yes) {
+            // Grow the memory's type. We do this when encountering a `memory.grow`.
+            //
+            // See relevant spec link:
+            // https://www.w3.org/TR/wasm-core-2/#growing-memories%E2%91%A0
+            m_type = MemoryType { Limits(m_type.limits().min() + size_to_grow / Constants::page_size, m_type.limits().max()) };
+        }
+
        return true;
    }

--- a/Userland/Libraries/LibWeb/WebAssembly/Memory.cpp
+++ b/Userland/Libraries/LibWeb/WebAssembly/Memory.cpp
@ -66,7 +66,7 @@ WebIDL::ExceptionOr<u32> Memory::grow(u32 delta)
        return vm.throw_completion<JS::RangeError>("Could not find the memory instance to grow"sv);

    auto previous_size = memory->size() / Wasm::Constants::page_size;
-    if (!memory->grow(delta * Wasm::Constants::page_size, Wasm::MemoryInstance::InhibitGrowCallback::Yes))
+    if (!memory->grow(delta * Wasm::Constants::page_size, Wasm::MemoryInstance::GrowType::No, Wasm::MemoryInstance::InhibitGrowCallback::Yes))
        return vm.throw_completion<JS::RangeError>("Memory.grow() grows past the stated limit of the memory instance"sv);

    TRY(reset_the_memory_buffer());