Fix crash when function counts mismatch (#1739)

This can happen if we don't stop on first error, and we get a malformed module where the func counts don't match. It's hard to write a test for this, since the kStopOnFirstError is fixed (not set by command line), but this case is quite easy for fuzzers to catch.
author: Ng Zhi An <zhin@chromium.org> 2021-10-15 18:01:54 -0700
committer: GitHub <noreply@github.com> 2021-10-15 18:01:54 -0700
commit: 669d32b09920c41bec6a4524c0f2c371483ad12c (patch)
tree: 12d663fdef09ffd853f08b963f3998b11bca47ae /src/binary-reader-ir.cc
parent: 2c6d7f672f4e1f16873177d414004b226ae375bf (diff)
download: wabt-669d32b09920c41bec6a4524c0f2c371483ad12c.tar.gz
wabt-669d32b09920c41bec6a4524c0f2c371483ad12c.tar.bz2
wabt-669d32b09920c41bec6a4524c0f2c371483ad12c.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/src/binary-reader-ir.cc b/src/binary-reader-ir.cc
index 97501b57..7563f7e5 100644
--- a/src/binary-reader-ir.cc
+++ b/src/binary-reader-ir.cc
@@ -644,7 +644,13 @@ Result BinaryReaderIR::OnStartFunction(Index func_index) {
 }
 
 Result BinaryReaderIR::OnFunctionBodyCount(Index count) {
-  assert(module_->num_func_imports + count == module_->funcs.size());
+  // Can hit this case on a malformed module if we don't stop on first error.
+  if (module_->num_func_imports + count != module_->funcs.size()) {
+    PrintError(
+        "number of imported func + func count in code section does not match "
+        "actual number of funcs in module");
+    return Result::Error;
+  }
   return Result::Ok;
 }
author	Ng Zhi An <zhin@chromium.org>	2021-10-15 18:01:54 -0700
committer	GitHub <noreply@github.com>	2021-10-15 18:01:54 -0700
commit	669d32b09920c41bec6a4524c0f2c371483ad12c (patch)
tree	12d663fdef09ffd853f08b963f3998b11bca47ae /src/binary-reader-ir.cc
parent	2c6d7f672f4e1f16873177d414004b226ae375bf (diff)
download	wabt-669d32b09920c41bec6a4524c0f2c371483ad12c.tar.gz wabt-669d32b09920c41bec6a4524c0f2c371483ad12c.tar.bz2 wabt-669d32b09920c41bec6a4524c0f2c371483ad12c.zip