    [wasm-gc] read_heap_type should check if index is in module bounds · 0396b732
    Manos Koukoutos authored
    read_heap_type did not have knowledge of the module for which the heap
    type was being decoded. As a result, callers of read_heap_type (or
    read_value_type, which in turn calls read_heap_type) had to check after
    the fact that a decoded indexed type (ref, ref null, or rtt) references
    a type index within the module's bounds. This was not done consistently,
    and was missing (at least) in DecodeLocals.
    To avoid such problems in the future, this CL refactors read_heap_type
    to accept a module and check the decoded index against it.
    
    Changes:
    - Add WasmModule argument to read_heap_type. Do so accordingly to all
      its transitive callers (read_value_type, immediate arguments,
      DecodeLocalDecls, DecodeValue/HeapType in unittests).
    - Add index check to read_heap_type and emit an error for an
      out-of-bounds index.
    - Remove all other now-redundant index validations. Replace them with
      decoder->ok() if needed (since read_heap_type will now emit an error).
    - Fix error message in Validate for BlockTypeImmediate.
    - In DecodeLocalDecls in unittests, pass an empty module to
      DecodeLocalDecls in the main code.
    - Add a unit test with an invalid index in local type declarations.
    
    Bug: v8:9495
    Change-Id: I4ed1204847db80f78b6ae85fa40d300cd2456295
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2569757
    Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
    Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#71572}
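The shape of the refactoring described above, as an added illustration that is not V8's code: a minimal heap-type reader takes the module it is decoding for and rejects an out-of-bounds type index itself, so a caller such as a locals decoder only has to test decoder->ok() afterwards. Everything here is a hypothetical stand-in (Module, Decoder, HeapType, the 0x6b/0x6c "ref"/"ref null" prefixes and the abstract heap-type codes -0x10/-0x11/-0x12 are assumptions, not taken from the commit); the input bytes are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Hypothetical stand-in for WasmModule: only the type count matters here.
struct Module { size_t type_count; };

struct HeapType {
  enum Kind { kFunc, kExtern, kAny, kIndexed, kBottom } kind;
  uint32_t index;  // meaningful only for kIndexed
};

// Minimal decoder state; ok() plays the role of decoder->ok() in the commit.
struct Decoder {
  const uint8_t* pc;
  const uint8_t* end;
  std::string error;
  bool ok() const { return error.empty(); }
};

// LEB128 reader (unsigned u32 or signed s33); records an error on bad input.
static bool read_leb(Decoder* d, bool is_signed, int64_t* out) {
  int64_t result = 0;
  int shift = 0;
  uint8_t byte = 0;
  do {
    if (d->pc >= d->end || shift >= 35) { d->error = "malformed LEB128"; return false; }
    byte = *d->pc++;
    result |= static_cast<int64_t>(byte & 0x7f) << shift;
    shift += 7;
  } while (byte & 0x80);
  if (is_signed && (byte & 0x40)) result |= -(int64_t{1} << shift);
  *out = result;
  return true;
}

// Reads a heap type and, for an indexed type, checks the index against the
// module, so no caller has to repeat that check after the fact.
HeapType read_heap_type(Decoder* d, const Module* module) {
  int64_t code;
  if (!read_leb(d, true, &code)) return {HeapType::kBottom, 0};
  if (code < 0) {  // assumed abstract heap-type codes (0x70, 0x6f, 0x6e as s33)
    switch (code) {
      case -0x10: return {HeapType::kFunc, 0};
      case -0x11: return {HeapType::kExtern, 0};
      case -0x12: return {HeapType::kAny, 0};
      default: d->error = "unknown heap type " + std::to_string(code); return {HeapType::kBottom, 0};
    }
  }
  if (static_cast<uint64_t>(code) >= module->type_count) {
    d->error = "Type index " + std::to_string(code) + " is out of bounds";
    return {HeapType::kBottom, 0};
  }
  return {HeapType::kIndexed, static_cast<uint32_t>(code)};
}

struct LocalDecl { uint32_t count; bool nullable; HeapType type; };
struct LocalsResult { bool ok; std::string error; std::vector<LocalDecl> locals; };

// Decodes entries of the form  count:u32  (0x6b | 0x6c)  heaptype  where the
// assumed prefixes mean "ref" and "ref null". The index check lives in
// read_heap_type; this caller only consults d->ok().
static bool decode_locals(Decoder* d, const Module* module, std::vector<LocalDecl>* out) {
  int64_t entries;
  if (!read_leb(d, false, &entries)) return false;
  for (int64_t i = 0; i < entries; ++i) {
    int64_t count;
    if (!read_leb(d, false, &count)) return false;
    if (d->pc >= d->end) { d->error = "unexpected end of locals"; return false; }
    uint8_t prefix = *d->pc++;
    if (prefix != 0x6b && prefix != 0x6c) { d->error = "unsupported value type"; return false; }
    HeapType ht = read_heap_type(d, module);
    if (!d->ok()) return false;  // error already recorded by read_heap_type
    out->push_back({static_cast<uint32_t>(count), prefix == 0x6c, ht});
  }
  return true;
}

// Entry point over a constructed byte vector and a module with `type_count` types.
LocalsResult decode_locals_from(const std::vector<uint8_t>& bytes, size_t type_count) {
  Decoder d{bytes.data(), bytes.data() + bytes.size(), ""};
  Module m{type_count};
  LocalsResult r{true, "", {}};
  r.ok = decode_locals(&d, &m, &r.locals);
  r.error = d.error;
  return r;
}
```

With two types in the module, {0x01, 0x02, 0x6c, 0x01} decodes to two locals of "ref null 1"; {0x01, 0x01, 0x6b, 0x05} fails inside read_heap_type with "Type index 5 is out of bounds" before the locals decoder ever sees the type, which is exactly the gap the commit closes for DecodeLocals.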
wasm-fuzzer-common.cc 13.6 KB