Commit 1ff33c41 authored by Thibaud Michaud's avatar Thibaud Michaud Committed by Commit Bot

[wasm][fuzzer] Add missing signature check in interpreter runner

R=zhin@chromium.org

Bug: chromium:1134324
Change-Id: Ica1f8c290ba496c7c24d8ec46f963f389ad9e8fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2445875Reviewed-by: 's avatarZhi An Ng <zhin@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70291}
parent c104c4b4
......@@ -21,7 +21,8 @@ class WasmFeatures;
struct WasmModule;
std::ostream& operator<<(std::ostream& os, const FunctionSig& function);
bool IsJSCompatibleSignature(const FunctionSig* sig, const WasmModule* module,
bool V8_EXPORT_PRIVATE IsJSCompatibleSignature(const FunctionSig* sig,
const WasmModule* module,
const WasmFeatures&);
// Control expressions and blocks.
......@@ -14,6 +14,7 @@
#include "src/wasm/wasm-js.h"
#include "src/wasm/wasm-module.h"
#include "src/wasm/wasm-objects.h"
#include "src/wasm/wasm-opcodes.h"
#include "src/wasm/wasm-result.h"
#include "test/common/wasm/wasm-interpreter.h"
......@@ -137,6 +138,13 @@ WasmInterpretationResult InterpretWasmModule(
v8::internal::HandleScope scope(isolate);
const WasmFunction* func = &instance->module()->functions[function_index];
CHECK(func->exported);
// This would normally be handled by export wrappers.
if (!IsJSCompatibleSignature(func->sig, instance->module(),
WasmFeatures::FromIsolate(isolate))) {
return WasmInterpretationResult::Trapped(false);
}
WasmInterpreter interpreter{
isolate, instance->module(),
ModuleWireBytes{instance->module_object().native_module()->wire_bytes()},
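Review bot: The new early return reports a JS-incompatible signature as `WasmInterpretationResult::Trapped(false)`, but nothing at that line says why a signature the export wrapper would have rejected is meant to count as a trap, nor what the bare `false` argument switches off, so a reader comparing this result against the compiled run's outcome has to look up both. Suggest extending the comment above the `if` to `// Export wrappers reject JS-incompatible signatures before the function runs; report that here as a trap so the result compares like the compiled path (verify the caller treats it that way).` and writing the call as `Trapped(/*<parameter name>=*/false)` with the parameter's real name. Whether the compiled side really produces a comparable failure for such a signature is not visible in this hunk. InterpretWasmModule begins before the hunk (only its signature shows in the hunk header) and continues past it.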