[1.6>1.7] [MERGE #3469 @Cellule] WASM: reserved immediates

Cellule · Cellule · commit f95b7cbf33b8 · 2017-08-03T10:36:42.000-07:00
Merge pull request #3469 from Cellule:users/micfer/wasm/reserved Make sure reserved value are 0 Fixes #3450
diff --git a/lib/WasmReader/WasmBinaryReader.cpp b/lib/WasmReader/WasmBinaryReader.cpp
@@ -424,9 +424,18 @@ WasmOp WasmBinaryReader::ReadExpr()
         break;
     case wbCurrentMemory:
     case wbGrowMemory:
+    {
         // Reserved value currently unused
-        ReadConst<uint8>();
+        uint8 reserved = ReadConst<uint8>();
+        if (reserved != 0)
+        {
+            ThrowDecodingError(op == wbCurrentMemory
+                ? _u("current_memory reserved value must be 0")
+                : _u("grow_memory reserved value must be 0")
+            );
+        }
         break;
+    }
 #define WASM_MEM_OPCODE(opname, opcode, sig, nyi) \
     case wb##opname: \
         MemNode(); \
@@ -493,7 +502,11 @@ void WasmBinaryReader::CallIndirectNode()
 
     uint32 funcNum = LEB128(length);
     // Reserved value currently unused
-    ReadConst<uint8>();
+    uint8 reserved = ReadConst<uint8>();
+    if (reserved != 0)
+    {
+        ThrowDecodingError(_u("call_indirect reserved value must be 0"));
+    }
     if (!m_module->HasTable() && !m_module->HasTableImport())
     {
         ThrowDecodingError(_u("Found call_indirect operator, but no table"));
diff --git a/test/wasm/binary.js b/test/wasm/binary.js
@@ -0,0 +1,51 @@
+//-------------------------------------------------------------------------------------------------------
+// Copyright (C) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE.txt file in the project root for full license information.
+//-------------------------------------------------------------------------------------------------------
+
+/* global assert,testRunner */ // eslint rule
+WScript.LoadScriptFile("../UnitTestFrameWork/UnitTestFrameWork.js");
+WScript.LoadScriptFile("../wasmspec/testsuite/harness/wasm-constants.js");
+WScript.LoadScriptFile("../wasmspec/testsuite/harness/wasm-module-builder.js");
+WScript.Flag("-off:wasmdeferred");
+
+function makeReservedTest(name, body, msg) {
+  return {
+    name,
+    body() {
+      const builder = new WasmModuleBuilder();
+      builder.addFunction(null, kSig_v_i).addBody(body);
+      try {
+        new WebAssembly.Module(builder.toBuffer());
+        assert.fail("Expected an exception");
+      } catch (e) {
+        if (!(e instanceof WebAssembly.CompileError) || RegExp(msg, "i").test(e.message)) {
+          return;
+        }
+        assert.fail(`Expected error message: ${msg}. Got ${e.message}`);
+      }
+    }
+  }
+}
+
+const tests = [
+  makeReservedTest("current_memory reserved", [kExprMemorySize, 1], "current_memory reserved value must be 0"),
+  makeReservedTest("grow_memory reserved", [kExprGrowMemory, 1], "grow_memory reserved value must be 0"),
+  makeReservedTest("call_indirect reserved", [kExprCallIndirect, 1], "call_indirect reserved value must be 0"),
+];
+
+WScript.LoadScriptFile("../UnitTestFrameWork/yargs.js");
+const argv = yargsParse(WScript.Arguments, {
+  boolean: ["verbose"],
+  number: ["start", "end"],
+  default: {
+    verbose: true,
+    start: 0,
+    end: tests.length
+  }
+}).argv;
+
+const todoTests = tests
+  .slice(argv.start, argv.end);
+
+testRunner.run(todoTests, {verbose: argv.verbose});
diff --git a/test/wasm/rlexe.xml b/test/wasm/rlexe.xml
@@ -281,6 +281,13 @@
     <tags>exclude_xplat,exclude_jshost,exclude_win7</tags>
   </default>
 </test>
+<test>
+  <default>
+    <files>binary.js</files>
+    <compile-flags>-wasm -args --no-verbose -endargs</compile-flags>
+    <tags>exclude_xplat</tags>
+  </default>
+</test>
 <test>
   <default>
     <files>limits.js</files>
