Commit e7053d46 authored by Thibaud Michaud's avatar Thibaud Michaud Committed by V8 LUCI CQ

[wasm][eh] Add missing type check in W.Exception.getArg()

Check that the tag argument matches the exception's own tag, and throw a
type error if not.

R=jkummerow@chromium.org

Bug: chromium:1237751, v8:11992
Change-Id: Ia404b83c202a247791583f0252833c36801e9ac4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081523Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76175}
parent d38ea7d9
......@@ -2046,10 +2046,20 @@ void WebAssemblyExceptionGetArg(
}
auto maybe_values =
i::WasmExceptionPackage::GetExceptionValues(i_isolate, exception);
if (maybe_values->IsUndefined()) {
auto this_tag =
i::WasmExceptionPackage::GetExceptionTag(i_isolate, exception);
if (this_tag->IsUndefined()) {
thrower.TypeError("Expected a WebAssembly.Exception object");
return;
}
DCHECK(this_tag->IsWasmExceptionTag());
if (tag->tag() != *this_tag) {
thrower.TypeError("First argument does not match the exception tag");
return;
}
DCHECK(!maybe_values->IsUndefined());
auto values = i::Handle<i::FixedArray>::cast(maybe_values);
auto signature = tag->serialized_signature();
if (index >= static_cast<uint32_t>(signature.length())) {
......
......@@ -211,6 +211,9 @@ function TestGetArgHelper(types_str, types, values) {
/Index must be convertible to a valid number/);
assertThrows(() => exception.getArg(tag, 0xFFFFFFFF), RangeError,
/Index out of range/);
let wrong_tag = new WebAssembly.Tag({parameters: ['i32']});
assertThrows(() => exception.getArg(wrong_tag, 0), TypeError,
/First argument does not match the exception tag/);
// Check decoding.
TestGetArgHelper(['i32'], [kWasmI32], [1]);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment