Skip to content

V
V8
Commit 8863f9f2 authored by rossberg's avatar rossberg Committed by Commit bot
Browse files
Options

[wasm] Check for malformed mutability 

Fixes failure on spec test globals.wast.

Review-Url: https://codereview.chromium.org/2638003002
Cr-Commit-Position: refs/heads/master@{#42406}
parent bc35251f
Hide whitespace changes
Inline Side-by-side
Showing with 24 additions and 3 deletions
src/wasm/module-decoder.cc
View file @ 8863f9f2
...@@ -334,7 +334,7 @@ class ModuleDecoder : public Decoder { ...@@ -334,7 +334,7 @@ class ModuleDecoder : public Decoder {
{kWasmStmt, false, WasmInitExpr(), 0, true, false}); {kWasmStmt, false, WasmInitExpr(), 0, true, false});
WasmGlobal* global = &module->globals.back(); WasmGlobal* global = &module->globals.back();
global->type = consume_value_type(); global->type = consume_value_type();
global->mutability = consume_u8("mutability") != 0; global->mutability = consume_mutability();
if (global->mutability) { if (global->mutability) {
error("mutable globals cannot be imported"); error("mutable globals cannot be imported");
} }
...@@ -696,7 +696,7 @@ class ModuleDecoder : public Decoder { ...@@ -696,7 +696,7 @@ class ModuleDecoder : public Decoder {
void DecodeGlobalInModule(WasmModule* module, uint32_t index, void DecodeGlobalInModule(WasmModule* module, uint32_t index,
WasmGlobal* global) { WasmGlobal* global) {
global->type = consume_value_type(); global->type = consume_value_type();
global->mutability = consume_u8("mutability") != 0; global->mutability = consume_mutability();
const byte* pos = pc(); const byte* pos = pc();
global->init = consume_init_expr(module, kWasmStmt); global->init = consume_init_expr(module, kWasmStmt);
switch (global->init.kind) { switch (global->init.kind) {
...@@ -988,6 +988,13 @@ class ModuleDecoder : public Decoder { ...@@ -988,6 +988,13 @@ class ModuleDecoder : public Decoder {
return expr; return expr;
} }
// Read a mutability flag
bool consume_mutability() {
byte val = consume_u8("mutability");
if (val > 1) error(pc_ - 1, "invalid mutability");
return val != 0;
}
// Reads a single 8-bit integer, interpreting it as a local type. // Reads a single 8-bit integer, interpreting it as a local type.
ValueType consume_value_type() { ValueType consume_value_type() {
byte val = consume_u8("value type"); byte val = consume_u8("value type");
......
test/unittests/wasm/module-decoder-unittest.cc
View file @ 8863f9f2
...@@ -1101,6 +1101,21 @@ TEST_F(WasmModuleVerifyTest, ImportTable_mutable_global) { ...@@ -1101,6 +1101,21 @@ TEST_F(WasmModuleVerifyTest, ImportTable_mutable_global) {
} }
} }
TEST_F(WasmModuleVerifyTest, ImportTable_mutability_malformed) {
static const byte data[] = {
SECTION(Import, 8),
1, // --
NAME_LENGTH(1), // --
'm', // module name
NAME_LENGTH(1), // --
'g', // global name
kExternalGlobal, // import kind
kLocalI32, // type
2, // invalid mutability
};
EXPECT_FAILURE(data);
}
TEST_F(WasmModuleVerifyTest, ImportTable_nosigs2) { TEST_F(WasmModuleVerifyTest, ImportTable_nosigs2) {
static const byte data[] = { static const byte data[] = {
SECTION(Import, 6), 1, // sig table SECTION(Import, 6), 1, // sig table
...@@ -1507,7 +1522,6 @@ TEST_F(WasmModuleVerifyTest, Multiple_Named_Sections) { ...@@ -1507,7 +1522,6 @@ TEST_F(WasmModuleVerifyTest, Multiple_Named_Sections) {
}; };
EXPECT_VERIFIES(data); EXPECT_VERIFIES(data);
} }
} // namespace wasm } // namespace wasm
} // namespace internal } // namespace internal
} // namespace v8 } // namespace v8
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment