mirrors/ladybird
0
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-08-09 01:29:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

LibWeb: Isolate WebAssembly cache by global object

Browse source 
This change moves WebAssembly related data that was previously globally
accessible into the `WebAssemblyCache` object and creates one of these
per global object. This ensures that WebAssembly data cannot be
accessed across realms.
This commit is contained in:
Tim Ledbetter 2024-04-25 19:09:34 +01:00 committed by Ali Mohammad Pur
commit 6d4b8bde55
Notes: sideshowbarker 2024-07-17 02:57:43 +09:00
9 changed files with 121 additions and 116 deletions
Download patch file Download diff file Expand all files Collapse all files

11
Userland/Libraries/LibWeb/WebAssembly/Memory.cpp
View file

@ -23,12 +23,13 @@ WebIDL::ExceptionOr<JS::NonnullGCPtr<Memory>> Memory::construct_impl(JS::Realm&
Wasm::Limits limits { descriptor.initial, move(descriptor.maximum) };
Wasm::MemoryType memory_type { move(limits) };
auto address = Detail::s_abstract_machine.store().allocate(memory_type);
auto& cache = Detail::get_cache(realm);
auto address = cache.abstract_machine().store().allocate(memory_type);
if (!address.has_value())
return vm.throw_completion<JS::TypeError>("Wasm Memory allocation failed"sv);
auto memory_object = vm.heap().allocate<Memory>(realm, realm, *address);
Detail::s_abstract_machine.store().get(*address)->successful_grow_hook = [memory_object] {
cache.abstract_machine().store().get(*address)->successful_grow_hook = [memory_object] {
MUST(memory_object->reset_the_memory_buffer());
};
@ -58,7 +59,8 @@ WebIDL::ExceptionOr<u32> Memory::grow(u32 delta)
{
auto& vm = this->vm();
auto* memory = Detail::s_abstract_machine.store().get(address());
auto& context = Detail::get_cache(realm());
auto* memory = context.abstract_machine().store().get(address());
if (!memory)
return vm.throw_completion<JS::RangeError>("Could not find the memory instance to grow"sv);
@ -103,7 +105,8 @@ WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::ArrayBuffer>> Memory::buffer() const
// https://webassembly.github.io/spec/js-api/#create-a-memory-buffer
WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::ArrayBuffer>> Memory::create_a_memory_buffer(JS::VM& vm, JS::Realm& realm, Wasm::MemoryAddress address)
{
auto* memory = Detail::s_abstract_machine.store().get(address);
auto& context = Detail::get_cache(realm);
auto* memory = context.abstract_machine().store().get(address);
if (!memory)
return vm.throw_completion<JS::RangeError>("Could not find the memory instance"sv);