Commit e330d54b authored by Manos Koukoutos, committed by Commit Bot

[wasm][fuzzer] Return early if element segment offset init. fails

Bug: chromium:1103839
Change-Id: Id70b4632fb15cb16c16cb94ad0f7676e5293769d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2307311
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68945}
parent e0ab7864
...@@ -2030,6 +2030,10 @@ class ModuleDecoderImpl : public Decoder { ...@@ -2030,6 +2030,10 @@ class ModuleDecoderImpl : public Decoder {
if (*status == WasmElemSegment::kStatusActive) { if (*status == WasmElemSegment::kStatusActive) {
*offset = consume_init_expr(module_.get(), kWasmI32); *offset = consume_init_expr(module_.get(), kWasmI32);
if (offset->kind() == WasmInitExpr::kNone) {
// Failed to parse offset initializer, return early.
return;
}
} }
if (*status == WasmElemSegment::kStatusActive && !has_table_index) { if (*status == WasmElemSegment::kStatusActive && !has_table_index) {
......