WebAssembly.Memory: Do not call HasProperty to check if a property is present in the descriptor

Cellule · Cellule · commit 13b88b991664 · 2018-12-19T11:20:28.000-08:00
Check for NaN and Infinity for NonWrapping uint32 values
diff --git a/lib/Runtime/Library/WebAssembly.cpp b/lib/Runtime/Library/WebAssembly.cpp
@@ -288,12 +288,18 @@ Var WebAssembly::TryResolveResponse(RecyclableObject* function, Var thisArg, Var
 uint32
 WebAssembly::ToNonWrappingUint32(Var val, ScriptContext * ctx)
 {
-    double i = JavascriptConversion::ToInteger(val, ctx);
-    if (i < 0 || i > (double)UINT32_MAX)
+    double i = JavascriptConversion::ToNumber(val, ctx);
+    if (
+        JavascriptNumber::IsNan(i) ||
+        JavascriptNumber::IsPosInf(i) ||
+        JavascriptNumber::IsNegInf(i) ||
+        i < 0 ||
+        i > (double)UINT32_MAX
+    )
     {
-        JavascriptError::ThrowRangeError(ctx, JSERR_ArgumentOutOfRange);
+        JavascriptError::ThrowTypeError(ctx, JSERR_NeedNumber);
     }
-    return (uint32)i;
+    return (uint32)JavascriptConversion::ToInteger(i);
 }
 
 void
diff --git a/lib/Runtime/Library/WebAssemblyMemory.cpp b/lib/Runtime/Library/WebAssemblyMemory.cpp
@@ -75,31 +75,34 @@ WebAssemblyMemory::NewInstance(RecyclableObject* function, CallInfo callInfo, ..
     }
     DynamicObject * memoryDescriptor = VarTo<DynamicObject>(args[1]);
 
-    if (!JavascriptOperators::OP_HasProperty(memoryDescriptor, PropertyIds::initial, scriptContext))
+    Var initVar = JavascriptOperators::OP_GetProperty(memoryDescriptor, PropertyIds::initial, scriptContext);
+    if (Js::JavascriptOperators::IsUndefined(initVar))
     {
         JavascriptError::ThrowTypeError(scriptContext, JSERR_NeedNumber, _u("descriptor.initial"));
     }
-    Var initVar = JavascriptOperators::OP_GetProperty(memoryDescriptor, PropertyIds::initial, scriptContext);
     uint32 initial = WebAssembly::ToNonWrappingUint32(initVar, scriptContext);
 
     uint32 maximum = Wasm::Limits::GetMaxMemoryMaximumPages();
     bool hasMaximum = false;
-    if (JavascriptOperators::OP_HasProperty(memoryDescriptor, PropertyIds::maximum, scriptContext))
+    Var maxVar = JavascriptOperators::OP_GetProperty(memoryDescriptor, PropertyIds::maximum, scriptContext);
+    if (!Js::JavascriptOperators::IsUndefined(maxVar))
     {
         hasMaximum = true;
-        Var maxVar = JavascriptOperators::OP_GetProperty(memoryDescriptor, PropertyIds::maximum, scriptContext);
         maximum = WebAssembly::ToNonWrappingUint32(maxVar, scriptContext);
     }
 
     bool isShared = false;
-    if (Wasm::Threads::IsEnabled() && JavascriptOperators::OP_HasProperty(memoryDescriptor, PropertyIds::shared, scriptContext))
+    if (Wasm::Threads::IsEnabled())
     {
-        if (!hasMaximum)
+        Var sharedVar = JavascriptOperators::OP_GetProperty(memoryDescriptor, PropertyIds::shared, scriptContext);
+        if (!Js::JavascriptOperators::IsUndefined(sharedVar))
         {
-            JavascriptError::ThrowTypeError(scriptContext, WASMERR_SharedNoMaximum);
+            isShared = JavascriptConversion::ToBool(sharedVar, scriptContext);
+            if (!hasMaximum)
+            {
+                JavascriptError::ThrowTypeError(scriptContext, WASMERR_SharedNoMaximum);
+            }
         }
-        Var sharedVar = JavascriptOperators::OP_GetProperty(memoryDescriptor, PropertyIds::shared, scriptContext);
-        isShared = JavascriptConversion::ToBool(sharedVar, scriptContext);
     }
 
     return CreateMemoryObject(initial, maximum, isShared, scriptContext);

Original file line number	Diff line number	Diff line change
`@@ -288,12 +288,18 @@ Var WebAssembly::TryResolveResponse(RecyclableObject* function, Var thisArg, Var`
`288`	`288`	`uint32`
`289`	`289`	`WebAssembly::ToNonWrappingUint32(Var val, ScriptContext * ctx)`
`290`	`290`	`{`
`291`		`- double i = JavascriptConversion::ToInteger(val, ctx);`
`292`		`- if (i < 0 \|\| i > (double)UINT32_MAX)`
	`291`	`+ double i = JavascriptConversion::ToNumber(val, ctx);`
	`292`	`+ if (`
	`293`	`+ JavascriptNumber::IsNan(i) \|\|`
	`294`	`+ JavascriptNumber::IsPosInf(i) \|\|`
	`295`	`+ JavascriptNumber::IsNegInf(i) \|\|`
	`296`	`+ i < 0 \|\|`
	`297`	`+ i > (double)UINT32_MAX`
	`298`	`+ )`
`293`	`299`	`{`
`294`		`- JavascriptError::ThrowRangeError(ctx, JSERR_ArgumentOutOfRange);`
	`300`	`+ JavascriptError::ThrowTypeError(ctx, JSERR_NeedNumber);`
`295`	`301`	`}`
`296`		`- return (uint32)i;`
	`302`	`+ return (uint32)JavascriptConversion::ToInteger(i);`
`297`	`303`	`}`
`298`	`304`
`299`	`305`	`void`
Original file line number	Diff line number	Diff line change
`@@ -75,31 +75,34 @@ WebAssemblyMemory::NewInstance(RecyclableObject* function, CallInfo callInfo, ..`
`75`	`75`	`}`
`76`	`76`	`DynamicObject * memoryDescriptor = VarTo<DynamicObject>(args[1]);`
`77`	`77`
`78`		`- if (!JavascriptOperators::OP_HasProperty(memoryDescriptor, PropertyIds::initial, scriptContext))`
	`78`	`+ Var initVar = JavascriptOperators::OP_GetProperty(memoryDescriptor, PropertyIds::initial, scriptContext);`
	`79`	`+ if (Js::JavascriptOperators::IsUndefined(initVar))`
`79`	`80`	`{`
`80`	`81`	`JavascriptError::ThrowTypeError(scriptContext, JSERR_NeedNumber, _u("descriptor.initial"));`
`81`	`82`	`}`
`82`		`- Var initVar = JavascriptOperators::OP_GetProperty(memoryDescriptor, PropertyIds::initial, scriptContext);`
`83`	`83`	`uint32 initial = WebAssembly::ToNonWrappingUint32(initVar, scriptContext);`
`84`	`84`
`85`	`85`	`uint32 maximum = Wasm::Limits::GetMaxMemoryMaximumPages();`
`86`	`86`	`bool hasMaximum = false;`
`87`		`- if (JavascriptOperators::OP_HasProperty(memoryDescriptor, PropertyIds::maximum, scriptContext))`
	`87`	`+ Var maxVar = JavascriptOperators::OP_GetProperty(memoryDescriptor, PropertyIds::maximum, scriptContext);`
	`88`	`+ if (!Js::JavascriptOperators::IsUndefined(maxVar))`
`88`	`89`	`{`
`89`	`90`	`hasMaximum = true;`
`90`		`- Var maxVar = JavascriptOperators::OP_GetProperty(memoryDescriptor, PropertyIds::maximum, scriptContext);`
`91`	`91`	`maximum = WebAssembly::ToNonWrappingUint32(maxVar, scriptContext);`
`92`	`92`	`}`
`93`	`93`
`94`	`94`	`bool isShared = false;`
`95`		`- if (Wasm::Threads::IsEnabled() && JavascriptOperators::OP_HasProperty(memoryDescriptor, PropertyIds::shared, scriptContext))`
	`95`	`+ if (Wasm::Threads::IsEnabled())`
`96`	`96`	`{`
`97`		`- if (!hasMaximum)`
	`97`	`+ Var sharedVar = JavascriptOperators::OP_GetProperty(memoryDescriptor, PropertyIds::shared, scriptContext);`
	`98`	`+ if (!Js::JavascriptOperators::IsUndefined(sharedVar))`
`98`	`99`	`{`
`99`		`- JavascriptError::ThrowTypeError(scriptContext, WASMERR_SharedNoMaximum);`
	`100`	`+ isShared = JavascriptConversion::ToBool(sharedVar, scriptContext);`
	`101`	`+ if (!hasMaximum)`
	`102`	`+ {`
	`103`	`+ JavascriptError::ThrowTypeError(scriptContext, WASMERR_SharedNoMaximum);`
	`104`	`+ }`
`100`	`105`	`}`
`101`		`- Var sharedVar = JavascriptOperators::OP_GetProperty(memoryDescriptor, PropertyIds::shared, scriptContext);`
`102`		`- isShared = JavascriptConversion::ToBool(sharedVar, scriptContext);`
`103`	`106`	`}`
`104`	`107`
`105`	`108`	`return CreateMemoryObject(initial, maximum, isShared, scriptContext);`