Commit af4cf8d1 authored by Andreas Haas's avatar Andreas Haas Committed by Commit Bot

[wasm] Abort decoding of BlockTypeImmediate after an error was detected

R=titzer@chromium.org

Bug: chromium:875556
Change-Id: I989dbaaec1eac3b7d0c761f25efec043cdeb9d71
Reviewed-on: https://chromium-review.googlesource.com/1180964Reviewed-by: 's avatarBen Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55212}
parent 35974e2d
...@@ -223,6 +223,7 @@ struct BlockTypeImmediate { ...@@ -223,6 +223,7 @@ struct BlockTypeImmediate {
decoder->error(pc + 1, "invalid block type"); decoder->error(pc + 1, "invalid block type");
return; return;
} }
if (!VALIDATE(decoder->ok())) return;
int32_t index = int32_t index =
decoder->read_i32v<validate>(pc + 1, &length, "block arity"); decoder->read_i32v<validate>(pc + 1, &length, "block arity");
if (!VALIDATE(length > 0 && index >= 0)) { if (!VALIDATE(length > 0 && index >= 0)) {
......
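Review bot: The added guard `if (!VALIDATE(decoder->ok())) return;` has no comment saying which earlier failure it protects against, and the read that can fail is not visible in this hunk. Judging from the regression test, the case appears to be a function body that ends right after the block opcode, so the following `read_i32v` at `pc + 1` would otherwise run on a decoder that is already in an error state. I would add a line above the guard such as `// An earlier read may already have failed (e.g. truncated body); do not decode the block arity from invalid input.` The enclosing code in struct BlockTypeImmediate starts and ends outside the hunk, so this is inferred from the visible lines only.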
// Copyright 2018 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --expose-wasm --experimental-wasm-mv
load('test/mjsunit/wasm/wasm-constants.js');
load('test/mjsunit/wasm/wasm-module-builder.js');
(function() {
const builder = new WasmModuleBuilder();
// Generate function 1 (out of 2).
sig1 = makeSig([kWasmI32], []);
builder.addFunction("main", sig1).addBodyWithEnd([
// signature: v_i
// body:
kExprBlock,
]);
assertThrows(function() { builder.instantiate(); }, WebAssembly.CompileError);
})();
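Review bot: `sig1` is assigned without a declaration, so it becomes an implicit global rather than a local of the IIFE; `const sig1 = makeSig([kWasmI32], []);` keeps it scoped to the test. The comment `// Generate function 1 (out of 2).` does not match the test, which adds a single function, and looks like a leftover from a generated reproducer. A one-line comment stating what is exercised, for example `// The body ends right after kExprBlock, so the block type immediate is missing.`, would make the intent of the regression test clear to the next reader.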