From adca3a1366f69b3539839b5e518ba263216a5246 Mon Sep 17 00:00:00 2001
From: Thomas Lively
Date: Thu, 7 Mar 2024 08:57:14 -0800
Subject: Handle extended const segment offsets in the fuzzer (#6382)
The fuzzer already had logic to remove all references to non-imported globals from global initializers and data segment offsets, but it was missing for element segment offsets. Add it, and also add a missing check line for the new test that uncovered this bug as initial fuzzer input.
---
 src/tools/fuzzing/fuzzing.cpp | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)
(limited to 'src/tools/fuzzing/fuzzing.cpp')
diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp
index 701822452..9a44119f5 100644
--- a/src/tools/fuzzing/fuzzing.cpp
+++ b/src/tools/fuzzing/fuzzing.cpp
@@ -465,15 +465,12 @@ void TranslateToFuzzReader::finalizeMemory() {
 // definition to what used to be an imported global in initial contents.
 // To fix that, replace such invalid offsets with a constant.
 for (auto* get : FindAll(segment->offset).list) {
- // N.B: We never currently encounter imported globals here, but we do
- // the check for robustness.
- if (!wasm.getGlobal(get->name)->imported()) {
- // TODO: It would be better to avoid segment overlap so that
- // MemoryPacking can run.
- segment->offset =
- builder.makeConst(Literal::makeFromInt32(0, Type::i32));
- break;
- }
+ // No imported globals should remain.
+ assert(!wasm.getGlobal(get->name)->imported());
+ // TODO: It would be better to avoid segment overlap so that
+ // MemoryPacking can run.
+ segment->offset =
+ builder.makeConst(Literal::makeFromInt32(0, Type::i32));
 }
 }
 if (auto* offset = segment->offset->dynCast()) {
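Review bot: The `break` that ended the old loop was dropped, so the new loop in finalizeMemory re-assigns `segment->offset` and allocates a fresh Const once per GlobalGet found in the original offset, and the finalizeTable hunk below repeats the same per-element replacement. The assert is the only per-element work (and it compiles out under NDEBUG, leaving a loop of identical assignments), so the intent reads more clearly as a loop of asserts followed by one replacement: `auto gets = FindAll<GlobalGet>(segment->offset).list;`, the loop carrying only the assert, then `if (!gets.empty()) { segment->offset = builder.makeConst(Literal::makeFromInt32(0, Type::i32)); }`. Replacing unconditionally is still valid (an i32 const 0 offset) even if an imported global did slip through in a release build, which the comment could say. This rendering appears to have stripped template arguments (`FindAll(...)`, `dynCast()`), so the exact spelling of those calls should be taken from the source. finalizeMemory begins before the hunk and the trailing `if (auto* offset = ...)` continues past it.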
@@ -507,10 +504,13 @@ void TranslateToFuzzReader::finalizeTable() {
 for (auto& table : wasm.tables) {
 ModuleUtils::iterTableSegments(
 wasm, table->name, [&](ElementSegment* segment) {
- // If the offset is a global that was imported (which is ok) but no
- // longer is (not ok) we need to change that.
- if (auto* offset = segment->offset->dynCast()) {
- if (!wasm.getGlobal(offset->name)->imported()) {
+ // If the offset contains a global that was imported (which is ok) but
+ // no longer is (not ok unless GC is enabled), we may need to change
+ // that.
+ if (!wasm.features.hasGC()) {
+ for (auto* get : FindAll(segment->offset).list) {
+ // No imported globals should remain.
+ assert(!wasm.getGlobal(get->name)->imported());
 // TODO: the segments must not overlap...
 segment->offset =
 builder.makeConst(Literal::makeFromInt32(0, Type::i32));
-- cgit v1.2.3
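Review bot: The new loop body in finalizeTable duplicates the one added to finalizeMemory in the hunk above — the same assert on `wasm.getGlobal(get->name)->imported()` followed by the same replacement with `Literal::makeFromInt32(0, Type::i32)` — but the two sites carry different TODO comments, and only the table variant is visibly gated on `!wasm.features.hasGC()` (the memory loop may be gated outside its hunk). Pulling the shared body into a private helper on TranslateToFuzzReader keeps the two sites from drifting and gives one place to document why a defined global in a segment offset must be replaced; a sketch with a constructed name follows. The helper's declaration would go in the class header, which this patch does not touch. The lambda, the `for` over `wasm.tables` and the new `if`/`for` all close past the end of the hunk.
```cpp
// Replace a segment offset that references globals with a constant zero
// offset. Any global.get still present is expected to name a defined
// (non-imported) global; the assert records that expectation.
void TranslateToFuzzReader::replaceGlobalOffset(Expression*& offset) {
  auto gets = FindAll<GlobalGet>(offset).list;
  for (auto* get : gets) {
    // No imported globals should remain.
    assert(!wasm.getGlobal(get->name)->imported());
  }
  if (!gets.empty()) {
    // TODO: the segments must not overlap...
    offset = builder.makeConst(Literal::makeFromInt32(0, Type::i32));
  }
}

// … in finalizeTable, unchanged: iterTableSegments lambda header …
        if (!wasm.features.hasGC()) {
          replaceGlobalOffset(segment->offset);
        }
```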