diff options
| author | Thomas Lively <tlively@google.com> | 2022-11-22 10:16:02 -0600 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-11-22 08:16:02 -0800 |
| commit | 310a4e9118ccc14f42c6a2198104bf9b8358e48a (patch) | |
| tree | 8c1068bdae8ce4b5dbd54ff00bd6a4a94a13c7e8 /src/wasm/wasm-validator.cpp | |
| parent | c449f41678d5e1699d634855743f5874ae6ec6e4 (diff) | |
| download | binaryen-310a4e9118ccc14f42c6a2198104bf9b8358e48a.tar.gz binaryen-310a4e9118ccc14f42c6a2198104bf9b8358e48a.tar.bz2 binaryen-310a4e9118ccc14f42c6a2198104bf9b8358e48a.zip | |
Validate that GC is enabled for rec groups and supertypes (#5279)
Update `HeapType::getFeatures` to report that GC is used for heap types that
have nontrivial recursion groups or supertypes. Update validation to check the
features on function heap types, not just their individual params and results.
This fixes a fuzz bug in #5239 where initial contents included a rec group but
the fuzzer disabled GC. Since the resulting module passed validation, the rec
groups made it into the binary output, making the type section malformed.
Diffstat (limited to 'src/wasm/wasm-validator.cpp')
| -rw-r--r-- | src/wasm/wasm-validator.cpp | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/wasm/wasm-validator.cpp b/src/wasm/wasm-validator.cpp index c1316f283..37fbebef9 100644 --- a/src/wasm/wasm-validator.cpp +++ b/src/wasm/wasm-validator.cpp @@ -2903,6 +2903,9 @@ void FunctionValidator::visitFunction(Function* curr) { "Multivalue function results (multivalue is not enabled)"); } FeatureSet features; + // Check for things like having a rec group with GC enabled. + features |= + (Type(curr->type, Nullable).getFeatures() & ~FeatureSet::ReferenceTypes); for (const auto& param : curr->getParams()) { features |= param.getFeatures(); shouldBeTrue(param.isConcrete(), curr, "params must be concretely typed"); |