[wasm][fuzzer] Check that global init. does not start beyond code end

Bug: chromium:1104053 Change-Id: Iacfeeb80ab981f20dc2fc40cf8435514876fcf28 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2307233Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/master@{#68944}

[wasm][fuzzer] Check that global init. does not start beyond code end
Bug: chromium:1104053 Change-Id: Iacfeeb80ab981f20dc2fc40cf8435514876fcf28 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2307233Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/master@{#68944}
e0ab7864 · Manos Koukoutos · Commit Bot · 90271b75 · e0ab7864
Commit e0ab7864 authored Jul 20, 2020 by Manos Koukoutos Committed by Commit Bot Jul 20, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

module-decoder.cc src/wasm/module-decoder.cc +4 -0

No files found.
--- a/src/wasm/module-decoder.cc
+++ b/src/wasm/module-decoder.cc
@@ -1638,6 +1638,10 @@ class ModuleDecoderImpl : public Decoder {
  }

  WasmInitExpr consume_init_expr(WasmModule* module, ValueType expected) {
+    if (pc() >= end()) {
+      error(pc(), "Global initializer starting beyond code end");
+      return {};
+    }
    constexpr Decoder::ValidateFlag validate = Decoder::kValidate;
    WasmOpcode opcode = kExprNop;
    std::vector<WasmInitExpr> stack;