Skip to content

V
V8
Commit 396dbab6 authored by ahaas's avatar ahaas Committed by Commit bot
Browse files
Options

[wasm] Break loops in the module-decoder upon error. 

R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2362663002
Cr-Commit-Position: refs/heads/master@{#39628}
parent d008b9ef
Hide whitespace changes
Inline Side-by-side
Showing with 11 additions and 18 deletions
src/wasm/module-decoder.cc
View file @ 396dbab6
...@@ -151,8 +151,7 @@ class ModuleDecoder : public Decoder { ...@@ -151,8 +151,7 @@ class ModuleDecoder : public Decoder {
uint32_t signatures_count = consume_u32v("signatures count"); uint32_t signatures_count = consume_u32v("signatures count");
module->signatures.reserve(SafeReserve(signatures_count)); module->signatures.reserve(SafeReserve(signatures_count));
// Decode signatures. // Decode signatures.
for (uint32_t i = 0; i < signatures_count; ++i) { for (uint32_t i = 0; ok() && i < signatures_count; ++i) {
if (failed()) break;
TRACE("DecodeSignature[%d] module+%d\n", i, TRACE("DecodeSignature[%d] module+%d\n", i,
static_cast<int>(pc_ - start_)); static_cast<int>(pc_ - start_));
FunctionSig* s = consume_sig(); FunctionSig* s = consume_sig();
...@@ -163,8 +162,7 @@ class ModuleDecoder : public Decoder { ...@@ -163,8 +162,7 @@ class ModuleDecoder : public Decoder {
case WasmSection::Code::FunctionSignatures: { case WasmSection::Code::FunctionSignatures: {
uint32_t functions_count = consume_u32v("functions count"); uint32_t functions_count = consume_u32v("functions count");
module->functions.reserve(SafeReserve(functions_count)); module->functions.reserve(SafeReserve(functions_count));
for (uint32_t i = 0; i < functions_count; ++i) { for (uint32_t i = 0; ok() && i < functions_count; ++i) {
if (failed()) break;
module->functions.push_back({nullptr, // sig module->functions.push_back({nullptr, // sig
i, // func_index i, // func_index
0, // sig_index 0, // sig_index
...@@ -186,7 +184,7 @@ class ModuleDecoder : public Decoder { ...@@ -186,7 +184,7 @@ class ModuleDecoder : public Decoder {
static_cast<uint32_t>(module->functions.size())); static_cast<uint32_t>(module->functions.size()));
break; break;
} }
for (uint32_t i = 0; i < functions_count; ++i) { for (uint32_t i = 0; ok() && i < functions_count; ++i) {
WasmFunction* function = &module->functions[i]; WasmFunction* function = &module->functions[i];
uint32_t size = consume_u32v("body size"); uint32_t size = consume_u32v("body size");
function->code_start_offset = pc_offset(); function->code_start_offset = pc_offset();
...@@ -211,13 +209,13 @@ class ModuleDecoder : public Decoder { ...@@ -211,13 +209,13 @@ class ModuleDecoder : public Decoder {
break; break;
} }
for (uint32_t i = 0; i < functions_count; ++i) { for (uint32_t i = 0; ok() && i < functions_count; ++i) {
WasmFunction* function = &module->functions[i]; WasmFunction* function = &module->functions[i];
function->name_offset = function->name_offset =
consume_string(&function->name_length, false); consume_string(&function->name_length, false);
uint32_t local_names_count = consume_u32v("local names count"); uint32_t local_names_count = consume_u32v("local names count");
for (uint32_t j = 0; j < local_names_count; j++) { for (uint32_t j = 0; ok() && j < local_names_count; j++) {
uint32_t unused = 0; uint32_t unused = 0;
uint32_t offset = consume_string(&unused, false); uint32_t offset = consume_string(&unused, false);
USE(unused); USE(unused);
...@@ -230,8 +228,7 @@ class ModuleDecoder : public Decoder { ...@@ -230,8 +228,7 @@ class ModuleDecoder : public Decoder {
uint32_t globals_count = consume_u32v("globals count"); uint32_t globals_count = consume_u32v("globals count");
module->globals.reserve(SafeReserve(globals_count)); module->globals.reserve(SafeReserve(globals_count));
// Decode globals. // Decode globals.
for (uint32_t i = 0; i < globals_count; ++i) { for (uint32_t i = 0; ok() && i < globals_count; ++i) {
if (failed()) break;
TRACE("DecodeGlobal[%d] module+%d\n", i, TRACE("DecodeGlobal[%d] module+%d\n", i,
static_cast<int>(pc_ - start_)); static_cast<int>(pc_ - start_));
// Add an uninitialized global and pass a pointer to it. // Add an uninitialized global and pass a pointer to it.
...@@ -245,8 +242,7 @@ class ModuleDecoder : public Decoder { ...@@ -245,8 +242,7 @@ class ModuleDecoder : public Decoder {
uint32_t data_segments_count = consume_u32v("data segments count"); uint32_t data_segments_count = consume_u32v("data segments count");
module->data_segments.reserve(SafeReserve(data_segments_count)); module->data_segments.reserve(SafeReserve(data_segments_count));
// Decode data segments. // Decode data segments.
for (uint32_t i = 0; i < data_segments_count; ++i) { for (uint32_t i = 0; ok() && i < data_segments_count; ++i) {
if (failed()) break;
TRACE("DecodeDataSegment[%d] module+%d\n", i, TRACE("DecodeDataSegment[%d] module+%d\n", i,
static_cast<int>(pc_ - start_)); static_cast<int>(pc_ - start_));
module->data_segments.push_back({0, // dest_addr module->data_segments.push_back({0, // dest_addr
...@@ -265,8 +261,7 @@ class ModuleDecoder : public Decoder { ...@@ -265,8 +261,7 @@ class ModuleDecoder : public Decoder {
static const uint32_t kSupportedTableCount = 1; static const uint32_t kSupportedTableCount = 1;
module->function_tables.reserve(SafeReserve(kSupportedTableCount)); module->function_tables.reserve(SafeReserve(kSupportedTableCount));
// Decode function table. // Decode function table.
for (uint32_t i = 0; i < kSupportedTableCount; ++i) { for (uint32_t i = 0; ok() && i < kSupportedTableCount; ++i) {
if (failed()) break;
TRACE("DecodeFunctionTable[%d] module+%d\n", i, TRACE("DecodeFunctionTable[%d] module+%d\n", i,
static_cast<int>(pc_ - start_)); static_cast<int>(pc_ - start_));
module->function_tables.push_back({0, 0, std::vector<uint16_t>()}); module->function_tables.push_back({0, 0, std::vector<uint16_t>()});
...@@ -294,8 +289,7 @@ class ModuleDecoder : public Decoder { ...@@ -294,8 +289,7 @@ class ModuleDecoder : public Decoder {
uint32_t import_table_count = consume_u32v("import table count"); uint32_t import_table_count = consume_u32v("import table count");
module->import_table.reserve(SafeReserve(import_table_count)); module->import_table.reserve(SafeReserve(import_table_count));
// Decode import table. // Decode import table.
for (uint32_t i = 0; i < import_table_count; ++i) { for (uint32_t i = 0; ok() && i < import_table_count; ++i) {
if (failed()) break;
TRACE("DecodeImportTable[%d] module+%d\n", i, TRACE("DecodeImportTable[%d] module+%d\n", i,
static_cast<int>(pc_ - start_)); static_cast<int>(pc_ - start_));
...@@ -325,8 +319,7 @@ class ModuleDecoder : public Decoder { ...@@ -325,8 +319,7 @@ class ModuleDecoder : public Decoder {
uint32_t export_table_count = consume_u32v("export table count"); uint32_t export_table_count = consume_u32v("export table count");
module->export_table.reserve(SafeReserve(export_table_count)); module->export_table.reserve(SafeReserve(export_table_count));
// Decode export table. // Decode export table.
for (uint32_t i = 0; i < export_table_count; ++i) { for (uint32_t i = 0; ok() && i < export_table_count; ++i) {
if (failed()) break;
TRACE("DecodeExportTable[%d] module+%d\n", i, TRACE("DecodeExportTable[%d] module+%d\n", i,
static_cast<int>(pc_ - start_)); static_cast<int>(pc_ - start_));
...@@ -518,7 +511,7 @@ class ModuleDecoder : public Decoder { ...@@ -518,7 +511,7 @@ class ModuleDecoder : public Decoder {
error("invalid table maximum size"); error("invalid table maximum size");
} }
for (uint32_t i = 0; i < table->size; ++i) { for (uint32_t i = 0; ok() && i < table->size; ++i) {
uint16_t index = consume_u32v(); uint16_t index = consume_u32v();
if (index >= module->functions.size()) { if (index >= module->functions.size()) {
error(pc_ - sizeof(index), "invalid function index"); error(pc_ - sizeof(index), "invalid function index");
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment