[wasm] Data section without memory causes a validation error

Another spec issue. R=titzer@chromium.org, rossberg@chromium.org TEST=unittests/WasmModuleVerifyTest.DataWithoutMemory Review-Url: https://codereview.chromium.org/2486973003 Cr-Commit-Position: refs/heads/master@{#40855}

[wasm] Data section without memory causes a validation error
Another spec issue. R=titzer@chromium.org, rossberg@chromium.org TEST=unittests/WasmModuleVerifyTest.DataWithoutMemory Review-Url: https://codereview.chromium.org/2486973003 Cr-Commit-Position: refs/heads/master@{#40855}
bd472ffa · ahaas · Commit bot · 288d3812 · bd472ffa · bd472ffa
Commit bd472ffa authored Nov 09, 2016 by ahaas Committed by Commit bot Nov 09, 2016
Showing with 21 additions and 0 deletions

module-decoder.cc src/wasm/module-decoder.cc +6 -0

wasm-module.h src/wasm/wasm-module.h +1 -0

module-decoder-unittest.cc test/unittests/wasm/module-decoder-unittest.cc +14 -0

No files found.
--- a/src/wasm/module-decoder.cc
+++ b/src/wasm/module-decoder.cc
@@ -327,6 +327,7 @@ class ModuleDecoder : public Decoder {
                                     &module->min_mem_pages, &has_max,
                                     WasmModule::kSpecMaxPages,
                                     &module->max_mem_pages);
+            module->has_memory = true;
            break;
          }
          case kExternalGlobal: {
@@ -411,6 +412,7 @@ class ModuleDecoder : public Decoder {
            "memory", "pages", WasmModule::kV8MaxPages, &module->min_mem_pages,
            &has_max, WasmModule::kSpecMaxPages, &module->max_mem_pages);
      }
+      module->has_memory = true;
      section_iter.advance();
    }
@@ -594,6 +596,10 @@ class ModuleDecoder : public Decoder {
      uint32_t data_segments_count = consume_u32v("data segments count");
      module->data_segments.reserve(SafeReserve(data_segments_count));
      for (uint32_t i = 0; ok() && i < data_segments_count; ++i) {
+        if (!module->has_memory) {
+          error("cannot load data without memory");
+          break;
+        }
        TRACE("DecodeDataSegment[%d] module+%d\n", i,
              static_cast<int>(pc_ - start_));
        module->data_segments.push_back({

--- a/src/wasm/wasm-module.h
+++ b/src/wasm/wasm-module.h
@@ -185,6 +185,7 @@ struct V8_EXPORT_PRIVATE WasmModule {
  const byte* module_end = nullptr;    // end address for the module bytes
  uint32_t min_mem_pages = 0;  // minimum size of the memory in 64k pages
  uint32_t max_mem_pages = 0;  // maximum size of the memory in 64k pages
+  bool has_memory = false;     // true if the memory was defined or imported
  bool mem_export = false;     // true if the memory is exported
  // TODO(wasm): reconcile start function index being an int with
  // the fact that we index on uint32_t, so we may technically not be

--- a/test/unittests/wasm/module-decoder-unittest.cc
+++ b/test/unittests/wasm/module-decoder-unittest.cc
@@ -516,6 +516,20 @@ TEST_F(WasmModuleVerifyTest, TwoDataSegments) {
  EXPECT_OFF_END_FAILURE(data, 14, sizeof(data));
 }
+TEST_F(WasmModuleVerifyTest, DataWithoutMemory) {
+  const byte data[] = {
+      SECTION(Data, 11),
+      ENTRY_COUNT(1),
+      LINEAR_MEMORY_INDEX_0,
+      WASM_INIT_EXPR_I32V_3(0x9bbaa),  // dest addr
+      U32V_1(3),                       // source size
+      'a',
+      'b',
+      'c'  // data bytes
+  };
+  EXPECT_FAILURE(data);
+}
 TEST_F(WasmModuleVerifyTest, MaxMaximumMemorySize) {
  {
    const byte data[] = {