diff options
| author | Thomas Lively <tlively@google.com> | 2024-03-07 08:57:14 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-03-07 08:57:14 -0800 |
| commit | adca3a1366f69b3539839b5e518ba263216a5246 (patch) | |
| tree | d6ff847e7b6727881f15f7d8b57bbcb60fbc7f1b /src/tools/fuzzing/fuzzing.cpp | |
| parent | 3c779e20be9870d4985763b6fbe8d85e17827353 (diff) | |
| download | binaryen-adca3a1366f69b3539839b5e518ba263216a5246.tar.gz binaryen-adca3a1366f69b3539839b5e518ba263216a5246.tar.bz2 binaryen-adca3a1366f69b3539839b5e518ba263216a5246.zip | |
Handle extended const segment offsets in the fuzzer (#6382)
The fuzzer already had logic to remove all references to non-imported globals
from global initializers and data segment offsets, but it was missing for
element segment offsets. Add it, and also add a missing check line for the new
test that uncovered this bug as initial fuzzer input.
Diffstat (limited to 'src/tools/fuzzing/fuzzing.cpp')
| -rw-r--r-- | src/tools/fuzzing/fuzzing.cpp | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp index 701822452..9a44119f5 100644 --- a/src/tools/fuzzing/fuzzing.cpp +++ b/src/tools/fuzzing/fuzzing.cpp @@ -465,15 +465,12 @@ void TranslateToFuzzReader::finalizeMemory() { // definition to what used to be an imported global in initial contents. // To fix that, replace such invalid offsets with a constant. for (auto* get : FindAll<GlobalGet>(segment->offset).list) { - // N.B: We never currently encounter imported globals here, but we do - // the check for robustness. - if (!wasm.getGlobal(get->name)->imported()) { - // TODO: It would be better to avoid segment overlap so that - // MemoryPacking can run. - segment->offset = - builder.makeConst(Literal::makeFromInt32(0, Type::i32)); - break; - } + // No imported globals should remain. + assert(!wasm.getGlobal(get->name)->imported()); + // TODO: It would be better to avoid segment overlap so that + // MemoryPacking can run. + segment->offset = + builder.makeConst(Literal::makeFromInt32(0, Type::i32)); } } if (auto* offset = segment->offset->dynCast<Const>()) { @@ -507,10 +504,13 @@ void TranslateToFuzzReader::finalizeTable() { for (auto& table : wasm.tables) { ModuleUtils::iterTableSegments( wasm, table->name, [&](ElementSegment* segment) { - // If the offset is a global that was imported (which is ok) but no - // longer is (not ok) we need to change that. - if (auto* offset = segment->offset->dynCast<GlobalGet>()) { - if (!wasm.getGlobal(offset->name)->imported()) { + // If the offset contains a global that was imported (which is ok) but + // no longer is (not ok unless GC is enabled), we may need to change + // that. + if (!wasm.features.hasGC()) { + for (auto* get : FindAll<GlobalGet>(segment->offset).list) { + // No imported globals should remain. + assert(!wasm.getGlobal(get->name)->imported()); // TODO: the segments must not overlap... segment->offset = builder.makeConst(Literal::makeFromInt32(0, Type::i32)); |