Commit c4e2e84d authored by Clemens Backes's avatar Clemens Backes Committed by Commit Bot

[wasm] Skip checks when decoding asm offset table

Since we create the asm offset table ourselves, we can skip all decoder
error checks when decoding it. We keep DCHECKs though to catch errors
early and give fuzzers a change to find inconsistencies in our encoding
and decoding.

R=jkummerow@chromium.org

Bug: chromium:667678
Change-Id: I2c77f3857548057ce5c432d1c6f5576d66ca5cd1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011086
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65905}
parent 51067cc2
......@@ -2035,20 +2035,17 @@ AsmJsOffsetsResult DecodeAsmJsOffsets(Vector<const uint8_t> encoded_offsets) {
Decoder decoder(encoded_offsets);
uint32_t functions_count = decoder.consume_u32v("functions count");
// Reserve space for the entries, taking care of invalid input.
if (functions_count < encoded_offsets.size()) {
// Sanity check.
DCHECK_GE(encoded_offsets.size(), functions_count);
functions.reserve(functions_count);
}
for (uint32_t i = 0; i < functions_count && decoder.ok(); ++i) {
for (uint32_t i = 0; i < functions_count; ++i) {
uint32_t size = decoder.consume_u32v("table size");
if (size == 0) {
functions.emplace_back();
continue;
}
if (!decoder.checkAvailable(size)) {
decoder.error("illegal asm function offset table size");
}
DCHECK(decoder.checkAvailable(size));
const byte* table_end = decoder.pc() + size;
uint32_t locals_size = decoder.consume_u32v("locals size");
int function_start_position = decoder.consume_u32v("function start pos");
......@@ -2059,7 +2056,8 @@ AsmJsOffsetsResult DecodeAsmJsOffsets(Vector<const uint8_t> encoded_offsets) {
// Add an entry for the stack check, associated with position 0.
func_asm_offsets.push_back(
{0, function_start_position, function_start_position});
while (decoder.ok() && decoder.pc() < table_end) {
while (decoder.pc() < table_end) {
DCHECK(decoder.ok());
last_byte_offset += decoder.consume_u32v("byte offset delta");
int call_position =
last_asm_position + decoder.consume_i32v("call position delta");
......@@ -2069,13 +2067,12 @@ AsmJsOffsetsResult DecodeAsmJsOffsets(Vector<const uint8_t> encoded_offsets) {
func_asm_offsets.push_back(
{last_byte_offset, call_position, to_number_position});
}
if (decoder.pc() != table_end) {
decoder.error("broken asm offset table");
}
DCHECK_EQ(decoder.pc(), table_end);
functions.emplace_back(
AsmJsOffsetFunctionEntries{std::move(func_asm_offsets)});
}
if (decoder.more()) decoder.error("unexpected additional bytes");
DCHECK(decoder.ok());
DCHECK(!decoder.more());
return decoder.toResult(AsmJsOffsets{std::move(functions)});
}
......
......@@ -597,14 +597,13 @@ int GetSourcePosition(const WasmModule* module, uint32_t func_index,
DCHECK_EQ(is_asmjs_module(module),
module->asm_js_offset_information != nullptr);
if (!is_asmjs_module(module)) {
// For non-asm.js modules, we just add the function's start offset
// for non-asm.js modules, we just add the function's start offset
// to make a module-relative position.
return byte_offset + GetWasmFunctionOffset(module, func_index);
}
// asm.js modules have an additional offset table that must be searched.
// Note: {AsmJsOffsetInformation::GetSourcePosition} expects the function
// index relative to the first non-imported function.
// The passed func_index excludes imported functions.
DCHECK_LE(module->num_imported_functions, func_index);
return module->asm_js_offset_information->GetSourcePosition(
func_index - module->num_imported_functions, byte_offset,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment