Bug 1280934 - make sure to bind prolog and return labels in epilog even if aborting the compilation. r=bbouvier

--HG-- extra : rebase_source : 6c407e98a2b4b20416884cc253d0ef6f231fe067 extra : histedit_source : 42c5c2678b44f5213e9b5841feabd81c25b6402b
2016-06-22 11:22:03 +02:00 · 2016-06-22 11:22:03 +02:00 · 826683447e
--- a/js/src/asmjs/WasmBaselineCompile.cpp
+++ b/js/src/asmjs/WasmBaselineCompile.cpp
@ -1725,12 +1725,6 @@ class BaseCompiler
    }

    bool endFunction() {
-        // A frame greater than 256KB is implausible, probably an attack,
-        // so bail out.
-
-        if (maxFramePushed_ > 256 * 1024)
-            return false;
-
        // Out-of-line prologue.  Assumes that the in-line prologue has
        // been executed and that a frame of size = localSize_ + sizeof(AsmJSFrame)
        // has been allocated.
@ -1772,6 +1766,12 @@ class BaseCompiler

        compileResults_.offsets().end = masm.currentOffset();

+        // A frame greater than 256KB is implausible, probably an attack,
+        // so fail the compilation.
+
+        if (maxFramePushed_ > 256 * 1024)
+            return false;
+
        return true;
    }

--- a/js/src/jit-test/tests/wasm/regress/too-large-frame.js
+++ b/js/src/jit-test/tests/wasm/regress/too-large-frame.js
@ -0,0 +1,30 @@
+// |jit-test| test-also-wasm-baseline
+load(libdir + "wasm.js");
+
+// Bug 1280934, equivalent test case.
+
+try {
+
+wasmEvalText(
+`(module
+  (func $func0 (result i32) ${locals()}
+   (i32.const 0))
+  (export "" 0))`);
+
+} catch (e) {
+    // The wasm baseline compiler throws OOM on too-large frames, so
+    // handle that.
+    if (!String(e).match(/out of memory/))
+	throw e;
+}
+
+// The wasm baseline compiler cuts off frames at 256KB at the moment;
+// the test case for bug 1280934 constructed a frame around 512KB so
+// duplicate that here.
+
+function locals() {
+    var s = "";
+    for ( var i=0 ; i < 64000 ; i++ )
+	s += "(local f64)\n";
+    return s;
+}