Commit 3ced15cb authored by Clemens Hammacher, committed by Commit Bot

[wasm] [fuzzer] Fix segfault

Even though we were generating additional arguments with default value
in the case that the caller was not providing enough, we then passed
the original pointer, leading to potential out-of-bounds accesses.

R=ahaas@chromium.org

Bug: chromium:763294,chromium:763297
Change-Id: Id18622d0d40e0408e26a5fc6f97494b5f9e18d17
Reviewed-on: https://chromium-review.googlesource.com/657699
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47930}
parent 181c03e9
...@@ -88,7 +88,8 @@ bool InterpretWasmModuleForTesting(Isolate* isolate, ...@@ -88,7 +88,8 @@ bool InterpretWasmModuleForTesting(Isolate* isolate,
WasmInterpreter::HeapObjectsScope heap_objects_scope(interpreter, instance); WasmInterpreter::HeapObjectsScope heap_objects_scope(interpreter, instance);
WasmInterpreter::Thread* thread = interpreter->GetThread(0); WasmInterpreter::Thread* thread = interpreter->GetThread(0);
thread->Reset(); thread->Reset();
thread->InitFrame(&(instance->module()->functions[function_index]), args); thread->InitFrame(&instance->module()->functions[function_index],
arguments.get());
WasmInterpreter::State interpreter_result = thread->Run(kMaxNumSteps); WasmInterpreter::State interpreter_result = thread->Run(kMaxNumSteps);
return interpreter_result != WasmInterpreter::PAUSED; return interpreter_result != WasmInterpreter::PAUSED;
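Review bot: The only behavioural change in this hunk is the second argument to InitFrame, from the caller-supplied `args` to `arguments.get()`, so the padded buffer described in the commit message is now the one the interpreter actually indexes; the allocation of `arguments` is outside the visible lines, so the hunk itself does not let a reviewer confirm that its length equals the callee's parameter count. A DCHECK on that count next to the InitFrame call, or a one-line comment stating that `arguments` holds at least `functions[function_index].sig->parameter_count()` entries, would make the out-of-bounds fix verifiable at the call site. Since `args` is no longer read here, also check whether it is still needed as a parameter once the padded copy has been built from it.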
......