Commit 8863f9f2 authored by rossberg's avatar rossberg Committed by Commit bot

[wasm] Check for malformed mutability

Fixes failure on spec test globals.wast.

Review-Url: https://codereview.chromium.org/2638003002
Cr-Commit-Position: refs/heads/master@{#42406}
parent bc35251f
......@@ -334,7 +334,7 @@ class ModuleDecoder : public Decoder {
{kWasmStmt, false, WasmInitExpr(), 0, true, false});
WasmGlobal* global = &module->globals.back();
global->type = consume_value_type();
global->mutability = consume_u8("mutability") != 0;
global->mutability = consume_mutability();
if (global->mutability) {
error("mutable globals cannot be imported");
}
......@@ -696,7 +696,7 @@ class ModuleDecoder : public Decoder {
void DecodeGlobalInModule(WasmModule* module, uint32_t index,
WasmGlobal* global) {
global->type = consume_value_type();
global->mutability = consume_u8("mutability") != 0;
global->mutability = consume_mutability();
const byte* pos = pc();
global->init = consume_init_expr(module, kWasmStmt);
switch (global->init.kind) {
......@@ -988,6 +988,13 @@ class ModuleDecoder : public Decoder {
return expr;
}
// Read a mutability flag
bool consume_mutability() {
byte val = consume_u8("mutability");
if (val > 1) error(pc_ - 1, "invalid mutability");
return val != 0;
}
// Reads a single 8-bit integer, interpreting it as a local type.
ValueType consume_value_type() {
byte val = consume_u8("value type");
......
......@@ -1101,6 +1101,21 @@ TEST_F(WasmModuleVerifyTest, ImportTable_mutable_global) {
}
}
TEST_F(WasmModuleVerifyTest, ImportTable_mutability_malformed) {
static const byte data[] = {
SECTION(Import, 8),
1, // --
NAME_LENGTH(1), // --
'm', // module name
NAME_LENGTH(1), // --
'g', // global name
kExternalGlobal, // import kind
kLocalI32, // type
2, // invalid mutability
};
EXPECT_FAILURE(data);
}
TEST_F(WasmModuleVerifyTest, ImportTable_nosigs2) {
static const byte data[] = {
SECTION(Import, 6), 1, // sig table
......@@ -1507,7 +1522,6 @@ TEST_F(WasmModuleVerifyTest, Multiple_Named_Sections) {
};
EXPECT_VERIFIES(data);
}
} // namespace wasm
} // namespace internal
} // namespace v8
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment