[wasm][unittests] Add unittest to catch bug found by fuzzer

Bug: v8:7748, chronium:1080444
Change-Id: I8d7e3cb8b3ea06001794fdda44faaff8e509e1b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219930
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68071}

test/unittests/wasm/function-body-decoder-unittest.cc

@@ -3648,6 +3648,17 @@ class WasmOpcodeLengthTest : public TestWithZone {
     // length of index, + number of operands + prefix bye
     ExpectLength(len + operands + 1, prefix, encoded[0], encoded[1]);
   }
+
+  template <typename... Bytes>
+  void ExpectFailure(Bytes... bytes) {
+    const byte code[] = {bytes..., 0, 0, 0, 0, 0, 0, 0, 0};
+    WasmFeatures no_features = WasmFeatures::None();
+    WasmDecoder<Decoder::kValidate> decoder(nullptr, no_features, &no_features,
+                                            nullptr, code, code + sizeof(code),
+                                            0);
+    WasmDecoder<Decoder::kValidate>::OpcodeLength(&decoder, code);
+    EXPECT_EQ(decoder.failed(), true);
+  }
 };
 
 TEST_F(WasmOpcodeLengthTest, Statements) {
@@ -3785,6 +3796,11 @@ TEST_F(WasmOpcodeLengthTest, SimdExpressions) {
   ExpectLength(3, kSimdPrefix, 0xFF, 0x1);
 }
 
+TEST_F(WasmOpcodeLengthTest, IllegalRefIndices) {
+  ExpectFailure(kExprBlock, kLocalRef, U32V_3(kV8MaxWasmTypes + 1));
+  ExpectFailure(kExprBlock, kLocalRef, U32V_4(0x01000000));
+}
+
 using TypesOfLocals = ZoneVector<ValueType>;
 
 class LocalDeclDecoderTest : public TestWithZone {