
Incorrect functype decoding

Open chfast opened this issue 4 years ago • 2 comments

The binary reader reads types (functype, but also structs and arrays) in the type section using signed LEB128 encoding. The spec defines a type as a single byte. This is causing a problem because WABT accepts longer sequences of bytes as valid types while they are invalid in the spec.

I can change the Type::Enum to be based on uint8_t unless you think this will cause some problems with any extensions.

The related spectest is from https://github.com/WebAssembly/spec/pull/1254.

;; Type section with signed LEB128 encoded type
(assert_malformed
  (module binary
    "\00asm" "\01\00\00\00"
    "\01"                     ;; Type section id
    "\05"                     ;; Type section length
    "\01"                     ;; Types vector length
    "\e0\7f"                  ;; Malformed functype, -0x20 in signed LEB128 encoding
    "\00\00"
  )
  "integer representation too long"
)

chfast, Oct 02 '20 10:10
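The difference described in the post above, as an added example that is not part of the original issue and is not WABT's code: a signed-LEB128 read of the type's form byte next to a strict single-byte read, run over the type-section body from the spec test. The function and constant names are hypothetical, and the LEB128 decoder is simplified.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

using Bytes = std::vector<uint8_t>;

// Signed 32-bit LEB128 decode (up to 5 bytes). Simplified for illustration:
// the unused bits of a fifth byte are not validated.
bool ReadS32Leb128(const Bytes& buf, size_t pos, int32_t* value, size_t* length) {
  uint32_t result = 0;
  for (size_t i = 0; i < 5 && pos + i < buf.size(); ++i) {
    const uint8_t byte = buf[pos + i];
    const unsigned shift = 7 * static_cast<unsigned>(i);
    result |= static_cast<uint32_t>(byte & 0x7f) << shift;
    if ((byte & 0x80) == 0) {  // last byte: sign-extend from bit 6
      if (shift + 7 < 32 && (byte & 0x40)) result |= ~uint32_t{0} << (shift + 7);
      *value = static_cast<int32_t>(result);
      *length = i + 1;
      return true;
    }
  }
  return false;  // truncated, or continuation bit still set on byte 5
}

// Lenient check, as the issue describes: any LEB128 spelling of -0x20 passes.
bool LenientAcceptsFuncType(const Bytes& buf, size_t pos) {
  int32_t value = 0;
  size_t length = 0;
  return ReadS32Leb128(buf, pos, &value, &length) && value == -0x20;
}

// Strict check per the spec: the functype marker is exactly one byte, 0x60.
bool StrictAcceptsFuncType(const Bytes& buf, size_t pos) {
  return pos < buf.size() && buf[pos] == 0x60;
}

// Type-section bodies; the form byte is at offset 1, after the vector length.
const Bytes kSpecTestBody = {0x01, 0xe0, 0x7f, 0x00, 0x00};  // from the spec test
const Bytes kCanonicalBody = {0x01, 0x60, 0x00, 0x00};       // constructed: () -> ()

int main() {
  std::printf("spec test: lenient=%d strict=%d\n",
              LenientAcceptsFuncType(kSpecTestBody, 1), StrictAcceptsFuncType(kSpecTestBody, 1));
  std::printf("canonical: lenient=%d strict=%d\n",
              LenientAcceptsFuncType(kCanonicalBody, 1), StrictAcceptsFuncType(kCanonicalBody, 1));
  return 0;
}
```

After the lenient read consumes `e0 7f`, the remaining `00 00` parse as empty parameter and result vectors, so the whole five-byte section decodes as a single `() -> ()` type instead of being rejected.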

It looks like restricting reading types to a single byte breaks something related to relocations.

chfast, Oct 02 '20 11:10

WABT accepting this malformed binary means that the extract-parts.sh script shipped with the spec testsuite is incorrectly adding the module to the valid/ subdirectory.

asm89, Jan 08 '21 14:01

I believe this was fixed in #1622

keithw, Sep 18 '22 06:09