author | Alon Zakai <alonzakai@gmail.com> | 2017-11-28 13:32:36 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-11-28 13:32:36 -0800 |
commit | c68fe0dd8f948c8f980616d6b527182cd5c682c3 (patch) | |
tree | 1d0394c0fc0f3a3811faf9eff9ce1f755fc6caf8 /src | |
parent | 94cbe63149248e251580ef95a6d3a31faf00a238 (diff) | |
Binary fuzz fix: disallow popping from outside a block (#1305)
* remove unneeded code to handle a br to the return from the function. Now that we use getBlockOrSingleton there, it does that for us anyhow
* fix a fuzz bug of popping from outside a block
Diffstat (limited to 'src')
-rw-r--r-- | src/wasm/wasm-binary.cpp | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/wasm/wasm-binary.cpp b/src/wasm/wasm-binary.cpp
index 2d1e8734c..234857442 100644
--- a/src/wasm/wasm-binary.cpp
+++ b/src/wasm/wasm-binary.cpp
@@ -2175,6 +2175,9 @@ BinaryConsts::ASTNodes WasmBinaryBuilder::readExpression(Expression*& curr) {
 }
 void WasmBinaryBuilder::pushBlockElements(Block* curr, size_t start, size_t end) {
+ assert(start <= expressionStack.size());
+ assert(start <= end);
+ assert(end <= expressionStack.size());
 // the first dropped element may be consumed by code later - it was on the stack first,
 // and is the only thing left on the stack. there must be just one thing on the stack
 // since we are at the end of a block context. note that we may need to drop more than
@@ -2255,6 +2258,9 @@ Expression* WasmBinaryBuilder::getBlockOrSingleton(WasmType type) {
 auto start = expressionStack.size();
 processExpressions();
 size_t end = expressionStack.size();
+ if (end < start) {
+ throw ParseException("block cannot pop from outside");
+ }
 breakStack.pop_back();
 auto* block = allocator.alloc<Block>();
 pushBlockElements(block, start, end); |
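Review bot: The three bounds checks added at the top of pushBlockElements are `assert`s, so a build with NDEBUG drops them and the start/end range is unchecked again, even though it is derived from a parsed binary. The second hunk guards `end < start` in getBlockOrSingleton with a ParseException, but any other caller of pushBlockElements (none is visible in this diff) would rely on the asserts alone. If the function can be reached with an unvalidated range, a thrown error is safer, e.g. `if (start > end || end > expressionStack.size()) throw ParseException("bad block element range");`. The first assert is also implied by the other two. The function body continues outside the hunk.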
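Review bot: The new `end < start` test in getBlockOrSingleton only compares the net stack size after processExpressions(), so a block body that pops below `start` and then pushes the same number of values back would presumably still pass. The code that performs the pops is outside this hunk, so this is inferred rather than shown. A comment would record the limit, e.g. `// detects only a net pop below start; a pop followed by an equal number of pushes is not caught here`. The throw also happens before `breakStack.pop_back()`, which is fine only as long as a ParseException abandons the whole parse.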