[wasm] Return immediately if code generation is not allowed

There was a bug in WebAssembly.instantiate in the case where a CSP
disallows WebAssembly compilation. In this case the promise returned by
WebAssembly.instantiate was rejected immediately because of the CSP,
but then compilation was started anyways, and the promise was resolved
after compilation for a second time, which caused the crash. With this
CL we do not start compilation if CSP disallows WebAssembly compilation.

R=clemensh@chromium.org

Bug: chromium:881978
Change-Id: Iffdb3e02c3006eb7f86211ab197f81cf20438f0e
Reviewed-on: https://chromium-review.googlesource.com/1219706
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55788}

src/wasm/wasm-js.cc

@@ -818,6 +818,7 @@ void WebAssemblyInstantiate(const v8::FunctionCallbackInfo<v8::Value>& args) {
   if (!i::wasm::IsWasmCodegenAllowed(i_isolate, i_isolate->native_context())) {
     thrower.CompileError("Wasm code generation disallowed by embedder");
     compilation_resolver->OnCompilationFailed(thrower.Reify());
+    return;
   }
 
   // Asynchronous compilation handles copying wire bytes if necessary.

test/mjsunit/wasm/disallow-codegen.js

@@ -65,6 +65,16 @@ async function AsyncTestOk() {
     promise, module => assertInstanceof(module, WebAssembly.Module));
 }
 
+async function AsyncTestWithInstantiateOk() {
+  print('async module instantiate (ok)...');
+  %DisallowCodegenFromStrings(false);
+  %DisallowWasmCodegen(false);
+  let promise = WebAssembly.instantiate(buffer);
+  assertPromiseResult(
+      promise,
+      module => assertInstanceof(module.instance, WebAssembly.Instance));
+}
+
 async function AsyncTestFail() {
   print('async module compile (fail)...');
   %DisallowCodegenFromStrings(true);
@@ -78,6 +88,19 @@ async function AsyncTestFail() {
   }
 }
 
+async function AsyncTestWithInstantiateFail() {
+  print('async module instantiate (fail)...');
+  %DisallowCodegenFromStrings(true);
+  %DisallowWasmCodegen(false);
+  try {
+    let m = await WebAssembly.instantiate(buffer);
+    assertUnreachable();
+  } catch (e) {
+    print("  " + e);
+    assertInstanceof(e, WebAssembly.CompileError);
+  }
+}
+
 async function AsyncTestWasmFail(disallow_codegen) {
   print('async wasm module compile (fail)...');
   %DisallowCodegenFromStrings(disallow_codegen);
@@ -91,6 +114,19 @@ async function AsyncTestWasmFail(disallow_codegen) {
   }
 }
 
+async function AsyncTestWasmWithInstantiateFail(disallow_codegen) {
+  print('async wasm module instantiate (fail)...');
+  %DisallowCodegenFromStrings(disallow_codegen);
+  %DisallowWasmCodegen(true);
+  try {
+    let m = await WebAssembly.instantiate(buffer);
+    assertUnreachable();
+  } catch (e) {
+    print("  " + e);
+    assertInstanceof(e, WebAssembly.CompileError);
+  }
+}
+
 async function StreamingTestOk() {
   print('streaming module compile (ok)...');
   // TODO(titzer): compileStreaming must be supplied by embedder.
@@ -149,7 +185,9 @@ async function RunAll() {
   await SyncTestOk();
   await SyncTestFail();
   await AsyncTestOk();
+  await AsyncTestWithInstantiateOk();
   await AsyncTestFail();
+  await AsyncTestWithInstantiateFail();
   await StreamingTestOk();
   await StreamingTestFail();
 
@@ -157,6 +195,7 @@ async function RunAll() {
   for (count = 0; count < 2; ++count) {
     SyncTestWasmFail(disallow_codegen);
     AsyncTestWasmFail(disallow_codegen);
+    AsyncTestWasmWithInstantiateFail(disallow_codegen);
     StreamingTestWasmFail(disallow_codegen)
     disallow_codegen = true;
   }