[wasm] Fail upon second code section in streaming compilation

At the moment we check only in the module-decoder if the sections in a module appear at most once. The code section, however, we process already before this check. With this CL we check that there is at most one code section before we start processing it. R=clemensh@chromium.org TEST=WasmStreamingDecoderTest.TwoCodeSections Bug: chromium:771916 Change-Id: Icc79d5a87ab39f450a35c688f74ea5e67cae4b3c Reviewed-on: https://chromium-review.googlesource.com/702379Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#48314}

[wasm] Fail upon second code section in streaming compilation
At the moment we check only in the module-decoder if the sections in a module appear at most once. The code section, however, we process already before this check. With this CL we check that there is at most one code section before we start processing it. R=clemensh@chromium.org TEST=WasmStreamingDecoderTest.TwoCodeSections Bug: chromium:771916 Change-Id: Icc79d5a87ab39f450a35c688f74ea5e67cae4b3c Reviewed-on: https://chromium-review.googlesource.com/702379Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#48314}
44c400ee · Andreas Haas · Commit Bot · 50edfd17 · 44c400ee · 44c400ee
Commit 44c400ee authored Oct 05, 2017 by Andreas Haas Committed by Commit Bot Oct 05, 2017
Showing with 70 additions and 0 deletions

streaming-decoder.cc src/wasm/streaming-decoder.cc +1 -0

streaming-decoder.h src/wasm/streaming-decoder.h +9 -0

streaming-decoder-unittest.cc test/unittests/wasm/streaming-decoder-unittest.cc +60 -0

No files found.
--- a/src/wasm/streaming-decoder.cc
+++ b/src/wasm/streaming-decoder.cc
@@ -316,6 +316,7 @@ StreamingDecoder::DecodeSectionLength::NextWithValue(
  SectionBuffer* buf = streaming->CreateNewBuffer(
      module_offset(), section_id(), value(),
      Vector<const uint8_t>(buffer(), static_cast<int>(bytes_needed())));
+  if (!buf) return nullptr;
  if (value() == 0) {
    if (section_id() == SectionCode::kCodeSectionCode) {
      return streaming->Error("Code section cannot have size 0");

--- a/src/wasm/streaming-decoder.h
+++ b/src/wasm/streaming-decoder.h
@@ -184,6 +184,14 @@ class V8_EXPORT_PRIVATE StreamingDecoder {
  SectionBuffer* CreateNewBuffer(uint32_t module_offset, uint8_t id,
                                 size_t length,
                                 Vector<const uint8_t> length_bytes) {
+    // Check the order of sections. Unknown sections can appear at any position.
+    if (id != kUnknownSectionCode) {
+      if (id < next_section_id_) {
+        Error("Unexpected section");
+        return nullptr;
+      }
+      next_section_id_ = id + 1;
+    }
    section_buffers_.emplace_back(
        new SectionBuffer(module_offset, id, length, length_bytes));
    return section_buffers_.back().get();
@@ -241,6 +249,7 @@ class V8_EXPORT_PRIVATE StreamingDecoder {
  std::vector<std::unique_ptr<SectionBuffer>> section_buffers_;
  uint32_t module_offset_ = 0;
  size_t total_size_ = 0;
+  uint8_t next_section_id_ = kFirstSectionInModule;

  DISALLOW_COPY_AND_ASSIGN(StreamingDecoder);
 };

--- a/test/unittests/wasm/streaming-decoder-unittest.cc
+++ b/test/unittests/wasm/streaming-decoder-unittest.cc
@@ -574,6 +574,66 @@ TEST_F(WasmStreamingDecoderTest, NumberOfFunctionsTooLow) {
  };
  ExpectFailure(Vector<const uint8_t>(data, arraysize(data)));
 }
+
+TEST_F(WasmStreamingDecoderTest, TwoCodeSections) {
+  const uint8_t data[] = {
+      U32_LE(kWasmMagic),    // --
+      U32_LE(kWasmVersion),  // --
+      kCodeSectionCode,      // Section ID
+      0x3,                   // Section Length
+      0x1,                   // Number of Functions
+      0x1,                   // Function Length
+      0x0,                   // Function
+      kCodeSectionCode,      // Section ID
+      0x3,                   // Section Length
+      0x1,                   // Number of Functions
+      0x1,                   // Function Length
+      0x0,                   // Function
+  };
+  ExpectFailure(Vector<const uint8_t>(data, arraysize(data)));
+}
+
+TEST_F(WasmStreamingDecoderTest, UnknownSection) {
+  const uint8_t data[] = {
+      U32_LE(kWasmMagic),    // --
+      U32_LE(kWasmVersion),  // --
+      kCodeSectionCode,      // Section ID
+      0x3,                   // Section Length
+      0x1,                   // Number of Functions
+      0x1,                   // Function Length
+      0x0,                   // Function
+      kUnknownSectionCode,   // Section ID
+      0x3,                   // Section Length
+      0x1,                   // Name Length
+      0x1,                   // Name
+      0x0,                   // Content
+  };
+  ExpectVerifies(Vector<const uint8_t>(data, arraysize(data)), 1, 1);
+}
+
+TEST_F(WasmStreamingDecoderTest, UnknownSectionSandwich) {
+  const uint8_t data[] = {
+      U32_LE(kWasmMagic),    // --
+      U32_LE(kWasmVersion),  // --
+      kCodeSectionCode,      // Section ID
+      0x3,                   // Section Length
+      0x1,                   // Number of Functions
+      0x1,                   // Function Length
+      0x0,                   // Function
+      kUnknownSectionCode,   // Section ID
+      0x3,                   // Section Length
+      0x1,                   // Name Length
+      0x1,                   // Name
+      0x0,                   // Content
+      kCodeSectionCode,      // Section ID
+      0x3,                   // Section Length
+      0x1,                   // Number of Functions
+      0x1,                   // Function Length
+      0x0,                   // Function
+  };
+  ExpectFailure(Vector<const uint8_t>(data, arraysize(data)));
+}
+
 }  // namespace wasm
 }  // namespace internal
 }  // namespace v8