[wasm][serialization] Skip redundant information

Writing out the number of functions in the module is unnecessary. That
number is only used for validation when reading back the value, but only
validating that number is pretty arbitrary and does not protect against
bugs or attacks. Hence skip these two header fields.

R=thibaudm@chromium.org

Bug: v8:11164
Change-Id: I083075e2c8959f99690fd1478d0950a25eb7311f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2644946
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72326}

src/wasm/wasm-serialization.cc

@@ -186,10 +186,7 @@ uint32_t GetWasmCalleeTag(RelocInfo* rinfo) {
 #endif
 }
 
-constexpr size_t kHeaderSize =
-    sizeof(uint32_t) +  // total wasm function count
-    sizeof(uint32_t) +  // imported functions (index of first wasm function)
-    sizeof(size_t);     // total code size
+constexpr size_t kHeaderSize = sizeof(size_t);  // total code size
 
 constexpr size_t kCodeHeaderSize = sizeof(bool) +  // whether code is present
                                    sizeof(int) +   // offset of constant pool
@@ -327,8 +324,6 @@ void NativeModuleSerializer::WriteHeader(Writer* writer,
   // TODO(eholk): We need to properly preserve the flag whether the trap
   // handler was used or not when serializing.
 
-  writer->Write(native_module_->num_functions());
-  writer->Write(native_module_->num_imported_functions());
   writer->Write(total_code_size);
 }
 
@@ -527,7 +522,7 @@ class V8_EXPORT_PRIVATE NativeModuleDeserializer {
   friend class CopyAndRelocTask;
   friend class PublishTask;
 
-  bool ReadHeader(Reader* reader);
+  void ReadHeader(Reader* reader);
   DeserializationUnit ReadCode(int fn_index, Reader* reader);
   void CopyAndRelocate(const DeserializationUnit& unit);
   void Publish(std::vector<DeserializationUnit> batch);
@@ -616,7 +611,7 @@ bool NativeModuleDeserializer::Read(Reader* reader) {
   read_called_ = true;
 #endif
 
-  if (!ReadHeader(reader)) return false;
+  ReadHeader(reader);
   uint32_t total_fns = native_module_->num_functions();
   uint32_t first_wasm_fn = native_module_->num_imported_functions();
 
@@ -668,12 +663,8 @@ bool NativeModuleDeserializer::Read(Reader* reader) {
   return reader->current_size() == 0;
 }
 
-bool NativeModuleDeserializer::ReadHeader(Reader* reader) {
-  uint32_t functions = reader->Read<uint32_t>();
-  uint32_t imports = reader->Read<uint32_t>();
+void NativeModuleDeserializer::ReadHeader(Reader* reader) {
   remaining_code_size_ = reader->Read<size_t>();
-  return functions == native_module_->num_functions() &&
-         imports == native_module_->num_imported_functions();
 }
 
 DeserializationUnit NativeModuleDeserializer::ReadCode(int fn_index,

test/cctest/wasm/test-wasm-serialization.cc

@@ -61,14 +61,6 @@ class WasmSerializationTest {
     memset(const_cast<uint8_t*>(wire_bytes_.data()), 0, wire_bytes_.size() / 2);
   }
 
-  void InvalidateNumFunctions() {
-    Address num_functions_slot =
-        reinterpret_cast<Address>(serialized_bytes_.data()) +
-        WasmSerializer::kHeaderSize;
-    CHECK_EQ(1, base::ReadUnalignedValue<uint32_t>(num_functions_slot));
-    base::WriteUnalignedValue<uint32_t>(num_functions_slot, 0);
-  }
-
   MaybeHandle<WasmModuleObject> Deserialize(
       Vector<const char> source_url = {}) {
     return DeserializeNativeModule(CcTest::i_isolate(),
@@ -239,16 +231,6 @@ TEST(DeserializeNoSerializedData) {
   test.CollectGarbage();
 }
 
-TEST(DeserializeInvalidNumFunctions) {
-  WasmSerializationTest test;
-  {
-    HandleScope scope(CcTest::i_isolate());
-    test.InvalidateNumFunctions();
-    CHECK(test.Deserialize().is_null());
-  }
-  test.CollectGarbage();
-}
-
 TEST(DeserializeWireBytesAndSerializedDataInvalid) {
   WasmSerializationTest test;
   {