Commit 58920e04 authored by bradnelson's avatar bradnelson Committed by Commit bot

[wasm] Require wasm explicit asm instantiation to be of a function.

We were not checking that the string passed to instantiateFromAsm
contains a function declaration (any declaration was allowed).

Fixes crash.

BUG=620649
BUG=v8:4203
R=aseemgarg@chromium.org

Review-Url: https://codereview.chromium.org/2109533002
Cr-Commit-Position: refs/heads/master@{#37349}
parent 0c7ee927
...@@ -141,6 +141,11 @@ v8::internal::wasm::ZoneBuffer* TranslateAsmModule( ...@@ -141,6 +141,11 @@ v8::internal::wasm::ZoneBuffer* TranslateAsmModule(
return nullptr; return nullptr;
} }
if (!info->scope()->declarations()->at(0)->IsFunctionDeclaration()) {
thrower->Error("Asm.js validation failed: non-function declaration");
return nullptr;
}
info->set_literal( info->set_literal(
info->scope()->declarations()->at(0)->AsFunctionDeclaration()->fun()); info->scope()->declarations()->at(0)->AsFunctionDeclaration()->fun());
......
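Review bot: The new guard and the `set_literal` call below it each re-evaluate `info->scope()->declarations()->at(0)`, so the declaration that is type-checked and the one that is downcast match only because the expression is repeated. Binding it once, e.g. `auto* decl = info->scope()->declarations()->at(0);`, then testing `decl->IsFunctionDeclaration()` and calling `decl->AsFunctionDeclaration()->fun()`, would make the check-before-cast relationship explicit and harder to break in a later edit. The `at(0)` access also relies on declarations being non-empty; that is presumably what the `return nullptr; }` context above the guard enforces, but the condition is outside the hunk and should be confirmed. TranslateAsmModule starts and ends outside the hunk.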
// Copyright 2016 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --expose-wasm
__v_1 = "var outer = 0; function test() {'use strict'; outer = 1; } test();";
assertThrows(function() {
Wasm.instantiateModuleFromAsm(__v_1);
});
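Review bot: The bare `assertThrows(function() {...})` passes on any exception, so this test would still pass if the call failed for an unrelated reason, such as `Wasm` not being exposed, rather than on the new validation error; TestBadNoDeclaration and TestBadVarDeclaration in the asm-wasm.js section have the same weakness. mjsunit's `assertThrows` accepts optional type and cause arguments, so passing the expected error type, or catching the exception and matching its message against "non-function declaration", would tie the tests to the new check. The type raised by `thrower->Error` is not visible on this page and should be confirmed first. A header comment such as `// Regression test for BUG=620649: the first declaration is a var, not a function.` would also explain the otherwise opaque `__v_1` input.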
...@@ -1530,3 +1530,15 @@ assertWasm(1, TestXor); ...@@ -1530,3 +1530,15 @@ assertWasm(1, TestXor);
assertEquals(0x80000000, wasm.u0x80000000()); assertEquals(0x80000000, wasm.u0x80000000());
assertEquals(0x87654321, wasm.u0x87654321()); assertEquals(0x87654321, wasm.u0x87654321());
})(); })();
(function TestBadNoDeclaration() {
assertThrows(function() {
Wasm.instantiateModuleFromAsm('33;');
});
})();
(function TestBadVarDeclaration() {
assertThrows(function() {
Wasm.instantiateModuleFromAsm('var x = 3;');
});
})();