Commit 56362efc authored by Manos Koukoutos's avatar Manos Koukoutos Committed by Commit Bot

[wasm][bug] Update num_locals_ earlier in DecodeLocals

If DecodeLocals exits early, num_locals_ is left in an inconsistent
state. This CL fixes this issue by updating num_locals_ as the
local_types_ are updated.

Bug: chromium:1154439
Change-Id: I02328a050df8b2827a42f59443e994f535d3c826
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567954
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71566}
parent 02ab03b9
......@@ -1181,10 +1181,11 @@ class WasmDecoder : public Decoder {
// Move the insertion iterator to the end of the newly inserted locals.
insert_iterator =
local_types_.insert(insert_iterator, count, type) + count;
num_locals_ += count;
}
}
DCHECK(ok());
if (insert_position.has_value()) num_locals_ += total_count;
return total_count;
}
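Review bot: The `local_types_.insert(...)` call and `num_locals_ += count;` inside the loop now jointly maintain an invariant that nothing in the hunk states, so a later edit could separate them again and reintroduce the mismatch on an early return. I would add a comment above the pair, for example `// Update num_locals_ together with local_types_ so an early return on a decode error cannot leave the two out of sync.` If the two are meant to be equal whenever locals are inserted (not verifiable from this hunk), a `DCHECK_EQ(num_locals_, local_types_.size());` next to the existing `DCHECK(ok());` would catch a regression in debug builds. The function begins outside the hunk, so the early-exit paths themselves are not visible here.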
......@@ -4381,6 +4381,16 @@ TEST_F(FunctionBodyDecoderTest, RefTestCast) {
}
}
// This tests that num_locals_ in decoder remains consistent, even if we fail
// mid-DecodeLocals().
TEST_F(FunctionBodyDecoderTest, Regress_1154439) {
WASM_FEATURE_SCOPE(reftypes);
WASM_FEATURE_SCOPE(typed_funcref);
AddLocals(kWasmI32, 1);
AddLocals(kWasmI64, 1000000);
ExpectFailure(sigs.v_v(), {}, kAppendEnd, "local count too large");
}
class BranchTableIteratorTest : public TestWithZone {
public:
BranchTableIteratorTest() : TestWithZone() {}
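Review bot: `Regress_1154439` asserts only the decode error string, so the consistency of `num_locals_` that its comment promises is not checked directly. Presumably the stale count is caught only indirectly, by a debug check or sanitizer when it is later used, which would let the test pass in a build without those checks. The comment should name the mechanism expected to fail, e.g. `// Without the fix, a stale num_locals_ trips <check> after the failed decode.` with the actual check filled in. The literal `1000000` would also read better with a short comment that it is chosen to exceed the decoder's local-count limit, and the hunk does not show why the `reftypes` and `typed_funcref` feature scopes are needed for this case.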