summaryrefslogtreecommitdiffstats
path: root/chromium/v8/src/wasm/wasm-objects.cc
diff options
context:
space:
mode:
Diffstat (limited to 'chromium/v8/src/wasm/wasm-objects.cc')
-rw-r--r--chromium/v8/src/wasm/wasm-objects.cc2
1 files changed, 2 insertions, 0 deletions
diff --git a/chromium/v8/src/wasm/wasm-objects.cc b/chromium/v8/src/wasm/wasm-objects.cc
index 71839ba27cf..1f00b4c7028 100644
--- a/chromium/v8/src/wasm/wasm-objects.cc
+++ b/chromium/v8/src/wasm/wasm-objects.cc
@@ -256,6 +256,7 @@ Handle<JSArrayBuffer> GrowMemoryBuffer(Isolate* isolate,
Address old_mem_start = nullptr;
uint32_t old_size = 0;
if (!old_buffer.is_null()) {
+ if (!old_buffer->is_growable()) return Handle<JSArrayBuffer>::null();
old_mem_start = static_cast<Address>(old_buffer->backing_store());
CHECK(old_buffer->byte_length()->ToUint32(&old_size));
}
@@ -358,6 +359,7 @@ int32_t WasmMemoryObject::Grow(Isolate* isolate,
Handle<WasmMemoryObject> memory_object,
uint32_t pages) {
Handle<JSArrayBuffer> old_buffer(memory_object->array_buffer());
+ if (!old_buffer->is_growable()) return -1;
uint32_t old_size = 0;
CHECK(old_buffer->byte_length()->ToUint32(&old_size));
Handle<JSArrayBuffer> new_buffer;
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-14 12:37:34 +0000