Merge remote-tracking branch 'upstream/main' into HEAD

sbc100 · sbc100 · commit 26816ef02a35 · 2024-05-10T09:51:19.000-07:00
diff --git a/interpreter/binary/decode.ml b/interpreter/binary/decode.ml
@@ -222,7 +222,7 @@ let zero s = expect 0x00 s "zero byte expected"
 
 let memop s =
   let align = u32 s in
-  require (I32.le_u align 32l) s (pos s - 1) "malformed memop flags";
+  require (I32.lt_u align 32l) s (pos s - 1) "malformed memop flags";
   let offset = u64 s in
   Int32.to_int align, offset
 
diff --git a/test/core/align.wast b/test/core/align.wast
@@ -864,3 +864,120 @@
 (assert_trap (invoke "store" (i32.const 65532) (i64.const -1)) "out of bounds memory access")
 ;; No memory was changed
 (assert_return (invoke "load" (i32.const 65532)) (i32.const 0))
+
+;; Test invalid alignment values that may cause overflow when parsed.
+;; These use the binary format, because it stores alignment as a base-2 exponent.
+
+;; Signed 32-bit overflow
+(assert_invalid
+  (module binary 
+    "\00asm" "\01\00\00\00"
+    "\01\04\01\60\00\00"       ;; Type section: 1 type
+    "\03\02\01\00"             ;; Function section: 1 function
+    "\05\03\01\00\01"          ;; Memory section: 1 memory
+    "\0a\0a\01"                ;; Code section: 1 function
+
+    ;; function 0
+    "\08\00"
+    "\41\00"                   ;; i32.const 0
+    "\28\1f\00"                ;; i32.load offset=0 align=2**31
+    "\1a"                      ;; drop
+    "\0b"                      ;; end
+  )
+  "alignment must not be larger than natural"
+)
+
+;; Unsigned 32-bit overflow
+(assert_malformed
+  (module binary 
+    "\00asm" "\01\00\00\00"
+    "\01\04\01\60\00\00"       ;; Type section: 1 type
+    "\03\02\01\00"             ;; Function section: 1 function
+    "\05\03\01\00\01"          ;; Memory section: 1 memory
+    "\0a\0a\01"                ;; Code section: 1 function
+
+    ;; function 0
+    "\08\00"
+    "\41\00"                   ;; i32.const 0
+    "\28\20\00"                ;; i32.load offset=0 align=2**32
+    "\1a"                      ;; drop
+    "\0b"                      ;; end
+  )
+  "malformed memop flags"
+)
+
+;; 32-bit out of range
+(assert_malformed
+  (module binary 
+    "\00asm" "\01\00\00\00"
+    "\01\04\01\60\00\00"       ;; Type section: 1 type
+    "\03\02\01\00"             ;; Function section: 1 function
+    "\05\03\01\00\01"          ;; Memory section: 1 memory
+    "\0a\0a\01"                ;; Code section: 1 function
+
+    ;; function 0
+    "\08\00"
+    "\41\00"                   ;; i32.const 0
+    "\28\21\00"                ;; i32.load offset=0 align=2**33
+    "\1a"                      ;; drop
+    "\0b"                      ;; end
+  )
+  "malformed memop flags"
+)
+
+;; Signed 64-bit overflow
+(assert_malformed
+  (module binary 
+    "\00asm" "\01\00\00\00"
+    "\01\04\01\60\00\00"       ;; Type section: 1 type
+    "\03\02\01\00"             ;; Function section: 1 function
+    "\05\03\01\00\01"          ;; Memory section: 1 memory
+    "\0a\0a\01"                ;; Code section: 1 function
+
+    ;; function 0
+    "\08\00"
+    "\41\00"                   ;; i32.const 0
+    "\28\3f\00"                ;; i32.load offset=0 align=2**63
+    "\1a"                      ;; drop
+    "\0b"                      ;; end
+  )
+  "malformed memop flags"
+)
+
+;; Unsigned 64-bit overflow
+(assert_malformed
+  (module binary 
+    "\00asm" "\01\00\00\00"
+    "\01\04\01\60\00\00"       ;; Type section: 1 type
+    "\03\02\01\00"             ;; Function section: 1 function
+    "\05\03\01\00\01"          ;; Memory section: 1 memory
+    "\0a\0a\01"                ;; Code section: 1 function
+
+    ;; function 0
+    "\08\00"
+    "\41\00"                   ;; i32.const 0
+    "\28\40\00"                ;; i32.load offset=0 align=2**64
+    "\1a"                      ;; drop
+    "\0b"                      ;; end
+  )
+  "malformed memop flags"
+)
+
+;; 64-bit out of range
+(assert_malformed
+  (module binary 
+    "\00asm" "\01\00\00\00"
+    "\01\04\01\60\00\00"       ;; Type section: 1 type
+    "\03\02\01\00"             ;; Function section: 1 function
+    "\05\03\01\00\01"          ;; Memory section: 1 memory
+    "\0a\0a\01"                ;; Code section: 1 function
+
+    ;; function 0
+    "\08\00"
+    "\41\00"                   ;; i32.const 0
+    "\28\41\00"                ;; i32.load offset=0 align=2**65
+    "\1a"                      ;; drop
+    "\0b"                      ;; end
+  )
+  "malformed memop flags"
+)
diff --git a/test/meta/Makefile b/test/meta/Makefile
@@ -1,7 +1,7 @@
 SHARED_MEM=false
 
 # SpiderMonkey shell
-JSSHELL=~/mozilla-central/js/src/build-debug/dist/bin/js -e 'const WITH_SHARED_MEMORY=$(SHARED_MEM);' -f common.js
+#JSSHELL=~/mozilla-central/js/src/build-debug/dist/bin/js -e 'const WITH_SHARED_MEMORY=$(SHARED_MEM);' -f common.js
 
 # Node.js
 JSSHELL=./noderun.sh $(SHARED_MEM)
