[wasm] Do not generate a loop stack check upon a decoder error.

A decoder error sets builder_ to null, which causes builder_->StackCheck
to segfault.

R=titzer@chromium.org

TEST=mjsunit/regress/wasm/loop-stack-check

Review-Url: https://codereview.chromium.org/2416873002
Cr-Commit-Position: refs/heads/master@{#40271}

src/wasm/ast-decoder.cc

@@ -1627,6 +1627,7 @@ class WasmFullDecoder : public WasmDecoder {
     builder_->Terminate(env->effect, env->control);
     if (FLAG_wasm_loop_assignment_analysis) {
       BitVector* assigned = AnalyzeLoopAssignment(pc);
+      if (failed()) return env;
       if (assigned != nullptr) {
         // Only introduce phis for variables assigned in this loop.
         for (int i = EnvironmentCount() - 1; i >= 0; i--) {

test/mjsunit/regress/wasm/loop-stack-check.js

+// Copyright 2016 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --expose-wasm
+
+load("test/mjsunit/wasm/wasm-constants.js");
+load("test/mjsunit/wasm/wasm-module-builder.js");
+
+(function() {
+  var builder = new WasmModuleBuilder();
+  builder.addFunction("foo", kSig_i_ii)
+    .addBody([
+        kExprLoop, 00,
+        kExprBrTable, 0xfb, 0xff, 0xff, 0xff,
+              ])
+              .exportFunc();
+  assertThrows(function() { builder.instantiate(); });
+})();