authorAlon Zakai <alonzakai@gmail.com>2017-12-14 20:23:12 -0600
committerGitHub <noreply@github.com>2017-12-14 20:23:12 -0600
commitdc2c05153c57b55fdd949a8827d4c8f648db8484 (patch)
tree3f588afde5a594d9c293a121189e9002713679be /src/wasm/wasm-binary.cpp
parent183be2f02636335ba1253e00ee942fb1e69cffe5 (diff)
Fix 2 binary fuzz bugs (#1323)
* Check if there is a currFunction before using it (we need it for some stacky code; a valid wasm wouldn't need a function in that location anyhow, as what can be put in a memory/table offset is very limited). * Huge alignment led us to do a power of 2 shift that is undefined behavior. Also adds a test facility to check we don't crash on testcases.
Diffstat (limited to 'src/wasm/wasm-binary.cpp')
-rw-r--r--src/wasm/wasm-binary.cpp7
1 files changed, 6 insertions, 1 deletions
diff --git a/src/wasm/wasm-binary.cpp b/src/wasm/wasm-binary.cpp
index 234857442..868fad1f6 100644
--- a/src/wasm/wasm-binary.cpp
+++ b/src/wasm/wasm-binary.cpp
@@ -2202,6 +2202,9 @@ void WasmBinaryBuilder::pushBlockElements(Block* curr, size_t start, size_t end)
expressionStack.resize(start);
// if we have a consumable item and need it, use it
if (consumable != NONE && curr->list.back()->type == none) {
+ if (!currFunction) {
+ throw ParseException("need an extra var in a non-function context, invalid wasm");
+ }
Builder builder(wasm);
auto* item = curr->list[consumable]->cast<Drop>()->value;
auto temp = builder.addVar(currFunction, item->type);
@@ -2464,7 +2467,9 @@ void WasmBinaryBuilder::visitSetGlobal(SetGlobal *curr) {
}
void WasmBinaryBuilder::readMemoryAccess(Address& alignment, size_t bytes, Address& offset) {
- alignment = Pow2(getU32LEB());
+ auto rawAlignment = getU32LEB();
+ if (rawAlignment > 4) throw ParseException("Alignment must be of a reasonable size");
+ alignment = Pow2(rawAlignment);
offset = getU32LEB();
}
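Review bot: The bound `4` in the new check in readMemoryAccess is a magic number — it reads as the log2 of the widest access (16 bytes), which is what keeps `Pow2(rawAlignment)` out of undefined territory, but nothing on the line says so, and the `bytes` parameter, which already gives the width of this particular access, is not consulted. A one-line comment would make the intent recoverable: `// alignment is a log2 value; anything above 2^4 = 16 bytes cannot be a real access and would make Pow2 shift out of range`. If the spec's natural-alignment rule (alignment may not exceed the access width) is meant to be enforced during parsing rather than left to the validator, the check could be tightened to `if (rawAlignment > 4 || (size_t(1) << rawAlignment) > bytes) throw ParseException("Alignment must be of a reasonable size");`, which rejects e.g. 16-byte alignment on a 1-byte load; whether that belongs here or in the validator depends on code outside this hunk. readMemoryAccess is fully within the hunk, so the new guard covers every path to the shift.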