[wasm] Decoder should fail on 0-length unknown sections

R=clemensb@chromium.org Bug: v8:10994 Change-Id: I2145559f6b9f4d378a0b8c063133e8d59b7ce4d2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2629510Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#72098}

[wasm] Decoder should fail on 0-length unknown sections
R=clemensb@chromium.org Bug: v8:10994 Change-Id: I2145559f6b9f4d378a0b8c063133e8d59b7ce4d2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2629510Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#72098}
1ac46e46 · Andreas Haas · Commit Bot · b95210bf · 1ac46e46 · 1ac46e46
Commit 1ac46e46 authored Jan 14, 2021 by Andreas Haas Committed by Commit Bot Jan 14, 2021
Showing with 9 additions and 6 deletions

module-decoder.cc src/wasm/module-decoder.cc +2 -1

module-decoder-unittest.cc test/unittests/wasm/module-decoder-unittest.cc +7 -0

wasm-spec-tests.status test/wasm-spec-tests/wasm-spec-tests.status +0 -5

No files found.
--- a/src/wasm/module-decoder.cc
+++ b/src/wasm/module-decoder.cc
@@ -1246,7 +1246,7 @@ class ModuleDecoderImpl : public Decoder {
    WasmSectionIterator section_iter(&decoder);
-    while (ok() && section_iter.more()) {
+    while (ok()) {
      // Shift the offset by the section header length
      offset += section_iter.payload_start() - section_iter.section_start();
      if (section_iter.section_code() != SectionCode::kUnknownSectionCode) {
@@ -1255,6 +1255,7 @@ class ModuleDecoderImpl : public Decoder {
      }
      // Shift the offset by the remaining section payload
      offset += section_iter.payload_length();
+      if (!section_iter.more()) break;
      section_iter.advance(true);
    }

--- a/test/unittests/wasm/module-decoder-unittest.cc
+++ b/test/unittests/wasm/module-decoder-unittest.cc
@@ -225,6 +225,13 @@ TEST_F(WasmModuleVerifyTest, WrongVersion) {
  }
 }
+TEST_F(WasmModuleVerifyTest, WrongSection) {
+  constexpr byte kInvalidSection = 0x1c;
+  const byte data[] = {kInvalidSection, 0};
+  ModuleResult result = DecodeModule(data, data + sizeof(data));
+  EXPECT_FALSE(result.ok());
+}
 TEST_F(WasmModuleVerifyTest, DecodeEmpty) {
  ModuleResult result = DecodeModule(nullptr, nullptr);
  EXPECT_TRUE(result.ok());

--- a/test/wasm-spec-tests/wasm-spec-tests.status
+++ b/test/wasm-spec-tests/wasm-spec-tests.status
@@ -5,14 +5,9 @@
 [
 [ALWAYS, {
  'skip-stack-guard-page': [PASS, ['((arch == ppc or arch == ppc64 or arch == s390 or arch == s390x) and simulator_run)', SKIP]],
-  # TODO(wasm) Investigate failing spec tests after update.
-  'binary': [FAIL],
-  'proposals/bulk-memory-operations/binary': [FAIL],
  # TODO(v8:10994): Failing spec test after update.
-  'proposals/simd/binary': [FAIL],
  'proposals/simd/data': [FAIL],
  'proposals/js-types/data': [FAIL],
-  'proposals/reference-types/binary': [FAIL],
  # TODO(v8:9144): The MVP behavior when bounds-checking segments changed in
  # the bulk-memory proposal. Since we've enabled bulk-memory by default, we