Log Message
[JSC] Improve Wasm binary test coverage https://bugs.webkit.org/show_bug.cgi?id=204843
Reviewed by Darin Adler.
JSTests:
* wasm/function-tests/grow-memory.js:
(binaryShouldNotParse):
* wasm/spec-tests/binary-leb128.wast.js:
* wasm/spec-tests/binary.wast.js:
* wasm/wasm.json:
Source/_javascript_Core:
This patch fixes some of bugs in wasm parser so that we validate malformed wasm modules more strictly.
1. current_memory / grow_memory should have uint8 flag, not varuint32 flag.
2. global section should have uint8 mutability information, not varuint32.
3. memory section should have varuint32 memory count.
* wasm/WasmFunctionParser.h:
(JSC::Wasm::FunctionParser<Context>::parseExpression):
(JSC::Wasm::FunctionParser<Context>::parseUnreachableExpression):
* wasm/WasmSectionParser.cpp:
(JSC::Wasm::SectionParser::parseResizableLimits):
(JSC::Wasm::SectionParser::parseMemory):
(JSC::Wasm::SectionParser::parseGlobalType):
* wasm/wasm.json:
Source/WTF:
LEBDecoder should have more strict validation. One thing is that, we should reject pattern that includes ignored bits.
For example, in uint32_t, we can represent UINT32_MAX in 5 bytes like this.
0xff, 0xff, 0xff, 0xff, 0x0f
0b1111111_1111111_1111111_1111111_1111
Leading bytes has 0x80 trailing marker. And they includes each 7 bit slice. And the last byte includes 0b1111 part.
But we can also make it in the following form
0xff, 0xff, 0xff, 0xff, 0xff
0b1111111_1111111_1111111_1111111_1111
In the above case, the last byte's upper 4 bits are ignored in the result, and this is wrong in LEB128 encoding.
We should reject this input since the last byte includes overflown bits.
This patch adds this validation to WTF.
* wtf/LEBDecoder.h:
(WTF::LEBDecoder::maxByteLength):
(WTF::LEBDecoder::lastByteMask):
(WTF::LEBDecoder::decodeUInt):
(WTF::LEBDecoder::decodeInt):
Tools:
We add more tests for LEBDecoder. In particular, the added tests focus on the case which overflow bits.
* TestWebKitAPI/Tests/WTF/LEBDecoder.cpp:
(TestWebKitAPI::toString):
(TestWebKitAPI::testUInt32LEBDecode):
(TestWebKitAPI::TEST):
(TestWebKitAPI::testUInt64LEBDecode):
(TestWebKitAPI::testInt32LEBDecode):
(TestWebKitAPI::testInt64LEBDecode):
Modified Paths
- trunk/JSTests/ChangeLog
- trunk/JSTests/wasm/Builder_WebAssemblyBinary.js
- trunk/JSTests/wasm/function-tests/grow-memory.js
- trunk/JSTests/wasm/spec-tests/binary-leb128.wast.js
- trunk/JSTests/wasm/spec-tests/binary.wast.js
- trunk/JSTests/wasm/wasm.json
- trunk/Source/_javascript_Core/ChangeLog
- trunk/Source/_javascript_Core/wasm/WasmFunctionParser.h
- trunk/Source/_javascript_Core/wasm/WasmSectionParser.cpp
- trunk/Source/_javascript_Core/wasm/wasm.json
- trunk/Source/WTF/ChangeLog
- trunk/Source/WTF/wtf/HexNumber.cpp
- trunk/Source/WTF/wtf/HexNumber.h
- trunk/Source/WTF/wtf/LEBDecoder.h
- trunk/Tools/ChangeLog
- trunk/Tools/TestWebKitAPI/Tests/WTF/LEBDecoder.cpp
Diff
Modified: trunk/JSTests/ChangeLog (269997 => 269998)
--- trunk/JSTests/ChangeLog 2020-11-18 23:38:14 UTC (rev 269997)
+++ trunk/JSTests/ChangeLog 2020-11-18 23:50:34 UTC (rev 269998)
@@ -1,3 +1,16 @@
+2020-11-17 Yusuke Suzuki <[email protected]>
+
+ [JSC] Improve Wasm binary test coverage
+ https://bugs.webkit.org/show_bug.cgi?id=204843
+
+ Reviewed by Darin Adler.
+
+ * wasm/function-tests/grow-memory.js:
+ (binaryShouldNotParse):
+ * wasm/spec-tests/binary-leb128.wast.js:
+ * wasm/spec-tests/binary.wast.js:
+ * wasm/wasm.json:
+
2020-11-18 Ross Kirsling <[email protected]>
Update test262 (2020.11.18)
Modified: trunk/JSTests/wasm/Builder_WebAssemblyBinary.js (269997 => 269998)
--- trunk/JSTests/wasm/Builder_WebAssemblyBinary.js 2020-11-18 23:38:14 UTC (rev 269997)
+++ trunk/JSTests/wasm/Builder_WebAssemblyBinary.js 2020-11-18 23:50:34 UTC (rev 269998)
@@ -38,7 +38,7 @@
assert.truthy(typeof maximum === "undefined", "We expect 'maximum' to be an integer if it's defined");
}
- put(bin, "varuint1", hasMaximum);
+ put(bin, "uint8", hasMaximum);
put(bin, "varuint32", initial);
if (hasMaximum)
put(bin, "varuint32", maximum);
@@ -55,7 +55,7 @@
const putGlobalType = (bin, global) => {
put(bin, valueType, WASM.typeValue[global.type]);
- put(bin, "varuint1", global.mutability);
+ put(bin, "uint8", global.mutability);
};
const putOp = (bin, op) => {
Modified: trunk/JSTests/wasm/function-tests/grow-memory.js (269997 => 269998)
--- trunk/JSTests/wasm/function-tests/grow-memory.js 2020-11-18 23:38:14 UTC (rev 269997)
+++ trunk/JSTests/wasm/function-tests/grow-memory.js 2020-11-18 23:50:34 UTC (rev 269998)
@@ -66,7 +66,7 @@
.End()
.End();
- binaryShouldNotParse(builder, "reserved varUint1 for grow_memory must be zero");
+ binaryShouldNotParse(builder, "reserved byte for grow_memory must be zero");
}
{
@@ -83,7 +83,7 @@
.End()
.End();
- binaryShouldNotParse(builder, "reserved varUint1 for current_memory must be zero");
+ binaryShouldNotParse(builder, "reserved byte for current_memory must be zero");
}
{
@@ -95,12 +95,12 @@
.Code()
.Function({ret: "void", params: []})
.I32Const(25)
- .CurrentMemory(0xffffff00)
+ .CurrentMemory(0xff)
.Drop()
.End()
.End();
- binaryShouldNotParse(builder, "can't parse reserved varUint1 for current_memory");
+ binaryShouldNotParse(builder, "reserved byte for current_memory must be zero");
}
{
@@ -112,12 +112,12 @@
.Code()
.Function({ret: "void", params: []})
.I32Const(25)
- .GrowMemory(0xffffff00)
+ .GrowMemory(0xff)
.Drop()
.End()
.End();
- binaryShouldNotParse(builder, "can't parse reserved varUint1 for grow_memory");
+ binaryShouldNotParse(builder, "reserved byte for grow_memory must be zero");
}
{
Modified: trunk/JSTests/wasm/spec-tests/binary-leb128.wast.js (269997 => 269998)
--- trunk/JSTests/wasm/spec-tests/binary-leb128.wast.js 2020-11-18 23:38:14 UTC (rev 269997)
+++ trunk/JSTests/wasm/spec-tests/binary-leb128.wast.js 2020-11-18 23:50:34 UTC (rev 269998)
@@ -15,8 +15,8 @@
let $5 = instance("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x03\x01\x00\x00\x0b\x07\x01\x80\x00\x41\x00\x0b\x00");
// binary-leb128.wast:32
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
+// This is skipped because this module becomes invalid if wasm-reference is enabled. And we are supporting it.
+// https://webassembly.github.io/reference-types/core/binary/modules.html#element-section
// let $6 = instance("\x00\x61\x73\x6d\x01\x00\x00\x00\x04\x04\x01\x70\x00\x00\x09\x07\x01\x80\x00\x41\x00\x0b\x00");
// binary-leb128.wast:40
@@ -146,171 +146,107 @@
assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x10\x01\x7e\x00\x42\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x7f\x0b");
// binary-leb128.wast:524
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x07\x01\x00\x82\x80\x80\x80\x70");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x07\x01\x00\x82\x80\x80\x80\x70");
// binary-leb128.wast:532
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x07\x01\x00\x82\x80\x80\x80\x40");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x07\x01\x00\x82\x80\x80\x80\x40");
// binary-leb128.wast:540
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x09\x01\x01\x82\x00\x82\x80\x80\x80\x10");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x09\x01\x01\x82\x00\x82\x80\x80\x80\x10");
// binary-leb128.wast:549
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x09\x01\x01\x82\x00\x82\x80\x80\x80\x40");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x09\x01\x01\x82\x00\x82\x80\x80\x80\x40");
// binary-leb128.wast:558
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x03\x01\x00\x00\x0b\x0a\x01\x80\x80\x80\x80\x10\x41\x00\x0b\x00");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x03\x01\x00\x00\x0b\x0a\x01\x80\x80\x80\x80\x10\x41\x00\x0b\x00");
// binary-leb128.wast:569
assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x04\x04\x01\x70\x00\x00\x09\x0a\x01\x80\x80\x80\x80\x10\x41\x00\x0b\x00");
// binary-leb128.wast:580
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x00\x83\x80\x80\x80\x10\x01\x31\x32");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x00\x83\x80\x80\x80\x10\x01\x31\x32");
// binary-leb128.wast:591
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x00\x09\x83\x80\x80\x80\x40\x31\x32\x33\x34");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x00\x09\x83\x80\x80\x80\x40\x31\x32\x33\x34");
// binary-leb128.wast:602
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x0b\x01\x60\x82\x80\x80\x80\x10\x7f\x7e\x01\x7f");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x0b\x01\x60\x82\x80\x80\x80\x10\x7f\x7e\x01\x7f");
// binary-leb128.wast:614
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x0b\x01\x60\x02\x7f\x7e\x81\x80\x80\x80\x40\x7f");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x0b\x01\x60\x02\x7f\x7e\x81\x80\x80\x80\x40\x7f");
// binary-leb128.wast:626
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x05\x01\x60\x01\x7f\x00\x02\x1a\x01\x88\x80\x80\x80\x10\x73\x70\x65\x63\x74\x65\x73\x74\x09\x70\x72\x69\x6e\x74\x5f\x69\x33\x32\x00\x00");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x05\x01\x60\x01\x7f\x00\x02\x1a\x01\x88\x80\x80\x80\x10\x73\x70\x65\x63\x74\x65\x73\x74\x09\x70\x72\x69\x6e\x74\x5f\x69\x33\x32\x00\x00");
// binary-leb128.wast:641
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x05\x01\x60\x01\x7f\x00\x02\x1a\x01\x08\x73\x70\x65\x63\x74\x65\x73\x74\x89\x80\x80\x80\x40\x70\x72\x69\x6e\x74\x5f\x69\x33\x32\x00\x00");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x05\x01\x60\x01\x7f\x00\x02\x1a\x01\x08\x73\x70\x65\x63\x74\x65\x73\x74\x89\x80\x80\x80\x40\x70\x72\x69\x6e\x74\x5f\x69\x33\x32\x00\x00");
// binary-leb128.wast:656
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x05\x01\x60\x01\x7f\x00\x02\x1a\x01\x08\x73\x70\x65\x63\x74\x65\x73\x74\x09\x70\x72\x69\x6e\x74\x5f\x69\x33\x32\x00\x80\x80\x80\x80\x10");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x05\x01\x60\x01\x7f\x00\x02\x1a\x01\x08\x73\x70\x65\x63\x74\x65\x73\x74\x09\x70\x72\x69\x6e\x74\x5f\x69\x33\x32\x00\x80\x80\x80\x80\x10");
// binary-leb128.wast:671
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x06\x01\x80\x80\x80\x80\x10\x0a\x04\x01\x02\x00\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x06\x01\x80\x80\x80\x80\x10\x0a\x04\x01\x02\x00\x0b");
// binary-leb128.wast:684
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x07\x0a\x01\x82\x80\x80\x80\x10\x66\x31\x00\x00\x0a\x04\x01\x02\x00\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x07\x0a\x01\x82\x80\x80\x80\x10\x66\x31\x00\x00\x0a\x04\x01\x02\x00\x0b");
// binary-leb128.wast:700
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x07\x0a\x01\x02\x66\x31\x00\x80\x80\x80\x80\x10\x0a\x04\x01\x02\x00\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x07\x0a\x01\x02\x66\x31\x00\x80\x80\x80\x80\x10\x0a\x04\x01\x02\x00\x0b");
// binary-leb128.wast:716
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x0a\x08\x81\x80\x80\x80\x10\x02\x00\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x0a\x08\x81\x80\x80\x80\x10\x02\x00\x0b");
// binary-leb128.wast:729
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x10\x01\x0e\x01\x01\x7f\x41\x00\x28\x02\x82\x80\x80\x80\x10\x1a\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x10\x01\x0e\x01\x01\x7f\x41\x00\x28\x02\x82\x80\x80\x80\x10\x1a\x0b");
// binary-leb128.wast:748
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x10\x01\x0e\x01\x01\x7f\x41\x00\x28\x02\x82\x80\x80\x80\x40\x1a\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x10\x01\x0e\x01\x01\x7f\x41\x00\x28\x02\x82\x80\x80\x80\x40\x1a\x0b");
// binary-leb128.wast:767
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x10\x01\x0e\x01\x01\x7f\x41\x00\x28\x82\x80\x80\x80\x10\x00\x1a\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x10\x01\x0e\x01\x01\x7f\x41\x00\x28\x82\x80\x80\x80\x10\x00\x1a\x0b");
// binary-leb128.wast:785
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x10\x01\x0e\x01\x01\x7f\x41\x00\x28\x82\x80\x80\x80\x40\x00\x1a\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x10\x01\x0e\x01\x01\x7f\x41\x00\x28\x82\x80\x80\x80\x40\x00\x1a\x0b");
// binary-leb128.wast:804
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x11\x01\x0f\x01\x01\x7f\x41\x00\x41\x03\x36\x82\x80\x80\x80\x10\x03\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x11\x01\x0f\x01\x01\x7f\x41\x00\x41\x03\x36\x82\x80\x80\x80\x10\x03\x0b");
// binary-leb128.wast:823
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x11\x01\x0f\x01\x01\x7f\x41\x00\x41\x03\x36\x82\x80\x80\x80\x40\x03\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x11\x01\x0f\x01\x01\x7f\x41\x00\x41\x03\x36\x82\x80\x80\x80\x40\x03\x0b");
// binary-leb128.wast:842
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x11\x01\x0f\x01\x01\x7f\x41\x00\x41\x03\x36\x02\x82\x80\x80\x80\x10\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x11\x01\x0f\x01\x01\x7f\x41\x00\x41\x03\x36\x02\x82\x80\x80\x80\x10\x0b");
// binary-leb128.wast:861
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x11\x01\x0f\x01\x01\x7f\x41\x00\x41\x03\x36\x02\x82\x80\x80\x80\x40\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x11\x01\x0f\x01\x01\x7f\x41\x00\x41\x03\x36\x02\x82\x80\x80\x80\x40\x0b");
// binary-leb128.wast:883
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0a\x01\x7f\x00\x41\x80\x80\x80\x80\x70\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0a\x01\x7f\x00\x41\x80\x80\x80\x80\x70\x0b");
// binary-leb128.wast:893
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0a\x01\x7f\x00\x41\xff\xff\xff\xff\x0f\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0a\x01\x7f\x00\x41\xff\xff\xff\xff\x0f\x0b");
// binary-leb128.wast:903
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0a\x01\x7f\x00\x41\x80\x80\x80\x80\x1f\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0a\x01\x7f\x00\x41\x80\x80\x80\x80\x1f\x0b");
// binary-leb128.wast:913
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0a\x01\x7f\x00\x41\xff\xff\xff\xff\x4f\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0a\x01\x7f\x00\x41\xff\xff\xff\xff\x4f\x0b");
// binary-leb128.wast:924
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0f\x01\x7e\x00\x42\x80\x80\x80\x80\x80\x80\x80\x80\x80\x7e\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0f\x01\x7e\x00\x42\x80\x80\x80\x80\x80\x80\x80\x80\x80\x7e\x0b");
// binary-leb128.wast:934
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0f\x01\x7e\x00\x42\xff\xff\xff\xff\xff\xff\xff\xff\xff\x01\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0f\x01\x7e\x00\x42\xff\xff\xff\xff\xff\xff\xff\xff\xff\x01\x0b");
// binary-leb128.wast:944
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0f\x01\x7e\x00\x42\x80\x80\x80\x80\x80\x80\x80\x80\x80\x02\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0f\x01\x7e\x00\x42\x80\x80\x80\x80\x80\x80\x80\x80\x80\x02\x0b");
// binary-leb128.wast:954
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0f\x01\x7e\x00\x42\xff\xff\xff\xff\xff\xff\xff\xff\xff\x41\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0f\x01\x7e\x00\x42\xff\xff\xff\xff\xff\xff\xff\xff\xff\x41\x0b");
// binary-leb128.wast:966
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
+// https://bugs.webkit.org/show_bug.cgi?id=173471
+// FIXME: Implement non-trapping float to int conversions.
// let $26 = instance("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x0a\x1b\x01\x19\x00\x00\xfc\x80\x00\x00\xfc\x81\x80\x00\x00\xfc\x86\x80\x80\x00\x00\xfc\x87\x80\x80\x80\x00\x00\x0b");
// binary-leb128.wast:986
Modified: trunk/JSTests/wasm/spec-tests/binary.wast.js (269997 => 269998)
--- trunk/JSTests/wasm/spec-tests/binary.wast.js 2020-11-18 23:38:14 UTC (rev 269997)
+++ trunk/JSTests/wasm/spec-tests/binary.wast.js 2020-11-18 23:50:34 UTC (rev 269998)
@@ -98,34 +98,22 @@
assert_malformed("\x00\x61\x73\x6d\x00\x00\x00\x01");
// binary.wast:48
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x0c\x00");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x0c\x00");
// binary.wast:49
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x7f\x00");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x7f\x00");
// binary.wast:50
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x80\x00\x01\x00");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x80\x00\x01\x00");
// binary.wast:51
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x81\x00\x01\x00");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x81\x00\x01\x00");
// binary.wast:52
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\xff\x00\x01\x00");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\xff\x00\x01\x00");
// binary.wast:56
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x05\x01\xe0\x7f\x00\x00");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x05\x01\xe0\x7f\x00\x00");
// binary.wast:70
assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x04\x04\x01\x70\x00\x00\x0a\x09\x01\x07\x00\x41\x00\x11\x00\x01\x0b");
@@ -146,47 +134,31 @@
assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x09\x01\x07\x00\x41\x00\x40\x01\x1a\x0b");
// binary.wast:183
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x0a\x01\x08\x00\x41\x00\x40\x80\x00\x1a\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x0a\x01\x08\x00\x41\x00\x40\x80\x00\x1a\x0b");
// binary.wast:203
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x0b\x01\x09\x00\x41\x00\x40\x80\x80\x00\x1a\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x0b\x01\x09\x00\x41\x00\x40\x80\x80\x00\x1a\x0b");
// binary.wast:222
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x0c\x01\x0a\x00\x41\x00\x40\x80\x80\x80\x00\x1a\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x0c\x01\x0a\x00\x41\x00\x40\x80\x80\x80\x00\x1a\x0b");
// binary.wast:241
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x0d\x01\x0b\x00\x41\x00\x40\x80\x80\x80\x80\x00\x1a\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x0d\x01\x0b\x00\x41\x00\x40\x80\x80\x80\x80\x00\x1a\x0b");
// binary.wast:261
assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x07\x01\x05\x00\x3f\x01\x1a\x0b");
// binary.wast:280
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x08\x01\x06\x00\x3f\x80\x00\x1a\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x08\x01\x06\x00\x3f\x80\x00\x1a\x0b");
// binary.wast:299
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x09\x01\x07\x00\x3f\x80\x80\x00\x1a\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x09\x01\x07\x00\x3f\x80\x80\x00\x1a\x0b");
// binary.wast:317
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x0a\x01\x08\x00\x3f\x80\x80\x80\x00\x1a\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x0a\x01\x08\x00\x3f\x80\x80\x80\x00\x1a\x0b");
// binary.wast:335
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x0b\x01\x09\x00\x3f\x80\x80\x80\x80\x00\x1a\x0b");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x0b\x01\x09\x00\x3f\x80\x80\x80\x80\x00\x1a\x0b");
// binary.wast:354
assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x0a\x0c\x01\x0a\x02\xff\xff\xff\xff\x0f\x7f\x02\x7e\x0b");
@@ -225,34 +197,22 @@
let $9 = instance("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x05\x01\x60\x01\x7f\x00\x02\x01\x00");
// binary.wast:475
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x02\x04\x01\x00\x00\x04");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x02\x04\x01\x00\x00\x04");
// binary.wast:485
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x02\x05\x01\x00\x00\x04\x00");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x02\x05\x01\x00\x00\x04\x00");
// binary.wast:496
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x02\x04\x01\x00\x00\x05");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x02\x04\x01\x00\x00\x05");
// binary.wast:506
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x02\x05\x01\x00\x00\x05\x00");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x02\x05\x01\x00\x00\x05\x00");
// binary.wast:517
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x02\x04\x01\x00\x00\x80");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x02\x04\x01\x00\x00\x80");
// binary.wast:527
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x02\x05\x01\x00\x00\x80\x00");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x02\x05\x01\x00\x00\x80\x00");
// binary.wast:540
assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x05\x01\x60\x01\x7f\x00\x02\x16\x02\x08\x73\x70\x65\x63\x74\x65\x73\x74\x09\x70\x72\x69\x6e\x74\x5f\x69\x33\x32\x00\x00");
@@ -267,19 +227,13 @@
assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x04\x01\x01");
// binary.wast:600
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x03\x01\x70\x02");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x03\x01\x70\x02");
// binary.wast:609
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x04\x01\x70\x02\x00");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x04\x01\x70\x02\x00");
// binary.wast:619
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x06\x01\x70\x81\x00\x00\x00");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x06\x01\x70\x81\x00\x00\x00");
// binary.wast:631
let $11 = instance("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x01\x00");
@@ -288,24 +242,16 @@
assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x01\x01");
// binary.wast:647
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x02\x01\x02");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x02\x01\x02");
// binary.wast:655
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x03\x01\x02\x00");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x03\x01\x02\x00");
// binary.wast:664
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x05\x01\x81\x00\x00\x00");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x05\x01\x81\x00\x00\x00");
// binary.wast:673
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x05\x01\x81\x01\x00\x00");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x05\x01\x81\x01\x00\x00");
// binary.wast:684
let $12 = instance("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x01\x00");
@@ -329,14 +275,10 @@
let $14 = instance("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x04\x04\x01\x70\x00\x01\x09\x01\x00\x0a\x04\x01\x02\x00\x0b");
// binary.wast:779
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x04\x04\x01\x70\x00\x01\x09\x07\x02\x00\x41\x00\x0b\x01\x00");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x04\x04\x01\x70\x00\x01\x09\x07\x02\x00\x41\x00\x0b\x01\x00");
// binary.wast:795
-// FIXME: Improve wasm binary test coverage.
-// https://bugs.webkit.org/show_bug.cgi?id=204843
-// assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x04\x04\x01\x70\x00\x01\x09\x07\x02\x00\x41\x00\x0b\x01\x00\x00\x41\x00");
+assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x04\x04\x01\x70\x00\x01\x09\x07\x02\x00\x41\x00\x0b\x01\x00\x00\x41\x00");
// binary.wast:812
assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x04\x04\x01\x70\x00\x01\x09\x0d\x01\x00\x41\x00\x0b\x01\x00\x00\x41\x00\x0b\x01\x00\x0a\x04\x01\x02\x00\x0b");
Modified: trunk/JSTests/wasm/wasm.json (269997 => 269998)
--- trunk/JSTests/wasm/wasm.json 2020-11-18 23:38:14 UTC (rev 269997)
+++ trunk/JSTests/wasm/wasm.json 2020-11-18 23:50:34 UTC (rev 269998)
@@ -97,8 +97,8 @@
"i64.store": { "category": "memory", "value": 55, "return": [], "parameter": ["addr", "i64"], "immediate": [{"name": "flags", "type": "varuint32"}, {"name": "offset", "type": "varuint32"}], "description": "store to memory" },
"f32.store": { "category": "memory", "value": 56, "return": [], "parameter": ["addr", "f32"], "immediate": [{"name": "flags", "type": "varuint32"}, {"name": "offset", "type": "varuint32"}], "description": "store to memory" },
"f64.store": { "category": "memory", "value": 57, "return": [], "parameter": ["addr", "f64"], "immediate": [{"name": "flags", "type": "varuint32"}, {"name": "offset", "type": "varuint32"}], "description": "store to memory" },
- "current_memory": { "category": "operation", "value": 63, "return": ["size"], "parameter": [], "immediate": [{"name": "flags", "type": "varuint32"}], "description": "query the size of memory" },
- "grow_memory": { "category": "operation", "value": 64, "return": ["size"], "parameter": ["size"], "immediate": [{"name": "flags", "type": "varuint32"}], "description": "grow the size of memory" },
+ "current_memory": { "category": "operation", "value": 63, "return": ["size"], "parameter": [], "immediate": [{"name": "flags", "type": "uint8"}], "description": "query the size of memory" },
+ "grow_memory": { "category": "operation", "value": 64, "return": ["size"], "parameter": ["size"], "immediate": [{"name": "flags", "type": "uint8"}], "description": "grow the size of memory" },
"i32.add": { "category": "arithmetic", "value": 106, "return": ["i32"], "parameter": ["i32", "i32"], "immediate": [], "b3op": "Add" },
"i32.sub": { "category": "arithmetic", "value": 107, "return": ["i32"], "parameter": ["i32", "i32"], "immediate": [], "b3op": "Sub" },
"i32.mul": { "category": "arithmetic", "value": 108, "return": ["i32"], "parameter": ["i32", "i32"], "immediate": [], "b3op": "Mul" },
Modified: trunk/Source/_javascript_Core/ChangeLog (269997 => 269998)
--- trunk/Source/_javascript_Core/ChangeLog 2020-11-18 23:38:14 UTC (rev 269997)
+++ trunk/Source/_javascript_Core/ChangeLog 2020-11-18 23:50:34 UTC (rev 269998)
@@ -1,3 +1,25 @@
+2020-11-17 Yusuke Suzuki <[email protected]>
+
+ [JSC] Improve Wasm binary test coverage
+ https://bugs.webkit.org/show_bug.cgi?id=204843
+
+ Reviewed by Darin Adler.
+
+ This patch fixes some of bugs in wasm parser so that we validate malformed wasm modules more strictly.
+
+ 1. current_memory / grow_memory should have uint8 flag, not varuint32 flag.
+ 2. global section should have uint8 mutability information, not varuint32.
+ 3. memory section should have varuint32 memory count.
+
+ * wasm/WasmFunctionParser.h:
+ (JSC::Wasm::FunctionParser<Context>::parseExpression):
+ (JSC::Wasm::FunctionParser<Context>::parseUnreachableExpression):
+ * wasm/WasmSectionParser.cpp:
+ (JSC::Wasm::SectionParser::parseResizableLimits):
+ (JSC::Wasm::SectionParser::parseMemory):
+ (JSC::Wasm::SectionParser::parseGlobalType):
+ * wasm/wasm.json:
+
2020-11-18 Yusuke Suzuki <[email protected]>
Unreviewed, relanding r269940
Modified: trunk/Source/_javascript_Core/wasm/WasmFunctionParser.h (269997 => 269998)
--- trunk/Source/_javascript_Core/wasm/WasmFunctionParser.h 2020-11-18 23:38:14 UTC (rev 269997)
+++ trunk/Source/_javascript_Core/wasm/WasmFunctionParser.h 2020-11-18 23:50:34 UTC (rev 269998)
@@ -838,8 +838,8 @@
WASM_PARSER_FAIL_IF(!m_info.memory, "grow_memory is only valid if a memory is defined or imported");
uint8_t reserved;
- WASM_PARSER_FAIL_IF(!parseVarUInt1(reserved), "can't parse reserved varUint1 for grow_memory");
- WASM_PARSER_FAIL_IF(reserved != 0, "reserved varUint1 for grow_memory must be zero");
+ WASM_PARSER_FAIL_IF(!parseUInt8(reserved), "can't parse reserved byte for grow_memory");
+ WASM_PARSER_FAIL_IF(reserved != 0, "reserved byte for grow_memory must be zero");
TypedExpression delta;
WASM_TRY_POP_EXPRESSION_STACK_INTO(delta, "expect an i32 argument to grow_memory on the stack");
@@ -856,8 +856,8 @@
WASM_PARSER_FAIL_IF(!m_info.memory, "current_memory is only valid if a memory is defined or imported");
uint8_t reserved;
- WASM_PARSER_FAIL_IF(!parseVarUInt1(reserved), "can't parse reserved varUint1 for current_memory");
- WASM_PARSER_FAIL_IF(reserved != 0, "reserved varUint1 for current_memory must be zero");
+ WASM_PARSER_FAIL_IF(!parseUInt8(reserved), "can't parse reserved byte for current_memory");
+ WASM_PARSER_FAIL_IF(reserved != 0, "reserved byte for current_memory must be zero");
ExpressionType result;
WASM_TRY_ADD_TO_CONTEXT(addCurrentMemory(result));
@@ -1007,7 +1007,8 @@
case GrowMemory:
case CurrentMemory: {
uint8_t reserved;
- WASM_PARSER_FAIL_IF(!parseVarUInt1(reserved), "can't parse reserved varUint1 for grow_memory/current_memory");
+ WASM_PARSER_FAIL_IF(!parseUInt8(reserved), "can't parse reserved byte for grow_memory/current_memory");
+ WASM_PARSER_FAIL_IF(reserved != 0, "reserved byte for grow_memory/current_memory must be zero");
return { };
}
Modified: trunk/Source/_javascript_Core/wasm/WasmSectionParser.cpp (269997 => 269998)
--- trunk/Source/_javascript_Core/wasm/WasmSectionParser.cpp 2020-11-18 23:38:14 UTC (rev 269997)
+++ trunk/Source/_javascript_Core/wasm/WasmSectionParser.cpp 2020-11-18 23:50:34 UTC (rev 269998)
@@ -34,6 +34,7 @@
#include "WasmNameSectionParser.h"
#include "WasmOps.h"
#include "WasmSignatureInlines.h"
+#include <wtf/HexNumber.h>
#include <wtf/Optional.h>
namespace JSC { namespace Wasm {
@@ -181,7 +182,8 @@
ASSERT(!maximum);
uint8_t flags;
- WASM_PARSER_FAIL_IF(!parseVarUInt1(flags), "can't parse resizable limits flags");
+ WASM_PARSER_FAIL_IF(!parseUInt8(flags), "can't parse resizable limits flags");
+ WASM_PARSER_FAIL_IF(flags != 0x0 && flags != 0x1, "resizable limits flag should be 0x00 or 0x01 but 0x", hex(flags, 2, Lowercase));
WASM_PARSER_FAIL_IF(!parseVarUInt32(initial), "can't parse resizable limits initial page count");
if (flags) {
@@ -263,8 +265,8 @@
auto SectionParser::parseMemory() -> PartialResult
{
- uint8_t count;
- WASM_PARSER_FAIL_IF(!parseVarUInt1(count), "can't parse Memory section's count");
+ uint32_t count;
+ WASM_PARSER_FAIL_IF(!parseVarUInt32(count), "can't parse Memory section's count");
if (!count)
return { };
@@ -506,7 +508,8 @@
{
uint8_t mutability;
WASM_PARSER_FAIL_IF(!parseValueType(global.type), "can't get Global's value type");
- WASM_PARSER_FAIL_IF(!parseVarUInt1(mutability), "can't get Global type's mutability");
+ WASM_PARSER_FAIL_IF(!parseUInt8(mutability), "can't get Global type's mutability");
+ WASM_PARSER_FAIL_IF(mutability != 0x0 && mutability != 0x1, "invalid Global's mutability: 0x", hex(mutability, 2, Lowercase));
global.mutability = static_cast<GlobalInformation::Mutability>(mutability);
return { };
}
Modified: trunk/Source/_javascript_Core/wasm/wasm.json (269997 => 269998)
--- trunk/Source/_javascript_Core/wasm/wasm.json 2020-11-18 23:38:14 UTC (rev 269997)
+++ trunk/Source/_javascript_Core/wasm/wasm.json 2020-11-18 23:50:34 UTC (rev 269998)
@@ -97,8 +97,8 @@
"i64.store": { "category": "memory", "value": 55, "return": [], "parameter": ["addr", "i64"], "immediate": [{"name": "flags", "type": "varuint32"}, {"name": "offset", "type": "varuint32"}], "description": "store to memory" },
"f32.store": { "category": "memory", "value": 56, "return": [], "parameter": ["addr", "f32"], "immediate": [{"name": "flags", "type": "varuint32"}, {"name": "offset", "type": "varuint32"}], "description": "store to memory" },
"f64.store": { "category": "memory", "value": 57, "return": [], "parameter": ["addr", "f64"], "immediate": [{"name": "flags", "type": "varuint32"}, {"name": "offset", "type": "varuint32"}], "description": "store to memory" },
- "current_memory": { "category": "operation", "value": 63, "return": ["size"], "parameter": [], "immediate": [{"name": "flags", "type": "varuint32"}], "description": "query the size of memory" },
- "grow_memory": { "category": "operation", "value": 64, "return": ["size"], "parameter": ["size"], "immediate": [{"name": "flags", "type": "varuint32"}], "description": "grow the size of memory" },
+ "current_memory": { "category": "operation", "value": 63, "return": ["size"], "parameter": [], "immediate": [{"name": "flags", "type": "uint8"}], "description": "query the size of memory" },
+ "grow_memory": { "category": "operation", "value": 64, "return": ["size"], "parameter": ["size"], "immediate": [{"name": "flags", "type": "uint8"}], "description": "grow the size of memory" },
"i32.add": { "category": "arithmetic", "value": 106, "return": ["i32"], "parameter": ["i32", "i32"], "immediate": [], "b3op": "Add" },
"i32.sub": { "category": "arithmetic", "value": 107, "return": ["i32"], "parameter": ["i32", "i32"], "immediate": [], "b3op": "Sub" },
"i32.mul": { "category": "arithmetic", "value": 108, "return": ["i32"], "parameter": ["i32", "i32"], "immediate": [], "b3op": "Mul" },
Modified: trunk/Source/WTF/ChangeLog (269997 => 269998)
--- trunk/Source/WTF/ChangeLog 2020-11-18 23:38:14 UTC (rev 269997)
+++ trunk/Source/WTF/ChangeLog 2020-11-18 23:50:34 UTC (rev 269998)
@@ -1,3 +1,32 @@
+2020-11-17 Yusuke Suzuki <[email protected]>
+
+ [JSC] Improve Wasm binary test coverage
+ https://bugs.webkit.org/show_bug.cgi?id=204843
+
+ Reviewed by Darin Adler.
+
+ LEBDecoder should have more strict validation. One thing is that, we should reject pattern that includes ignored bits.
+ For example, in uint32_t, we can represent UINT32_MAX in 5 bytes like this.
+
+ 0xff, 0xff, 0xff, 0xff, 0x0f
+ 0b1111111_1111111_1111111_1111111_1111
+
+ Leading bytes has 0x80 trailing marker. And they includes each 7 bit slice. And the last byte includes 0b1111 part.
+ But we can also make it in the following form
+
+ 0xff, 0xff, 0xff, 0xff, 0xff
+ 0b1111111_1111111_1111111_1111111_1111
+
+ In the above case, the last byte's upper 4 bits are ignored in the result, and this is wrong in LEB128 encoding.
+ We should reject this input since the last byte includes overflown bits.
+ This patch adds this validation to WTF.
+
+ * wtf/LEBDecoder.h:
+ (WTF::LEBDecoder::maxByteLength):
+ (WTF::LEBDecoder::lastByteMask):
+ (WTF::LEBDecoder::decodeUInt):
+ (WTF::LEBDecoder::decodeInt):
+
2020-11-18 Darin Adler <[email protected]>
Remove advanced plug-in feature: small plug-in blocking
Modified: trunk/Source/WTF/wtf/HexNumber.cpp (269997 => 269998)
--- trunk/Source/WTF/wtf/HexNumber.cpp 2020-11-18 23:38:14 UTC (rev 269997)
+++ trunk/Source/WTF/wtf/HexNumber.cpp 2020-11-18 23:50:34 UTC (rev 269998)
@@ -20,6 +20,9 @@
#include "config.h"
#include "HexNumber.h"
+#include <wtf/PrintStream.h>
+#include <wtf/text/StringView.h>
+
namespace WTF {
namespace Internal {
@@ -43,4 +46,9 @@
}
+void printInternal(PrintStream& out, HexNumberBuffer buffer)
+{
+ out.print(StringView(buffer.characters(), buffer.length));
+}
+
} // namespace WTF
Modified: trunk/Source/WTF/wtf/HexNumber.h (269997 => 269998)
--- trunk/Source/WTF/wtf/HexNumber.h 2020-11-18 23:38:14 UTC (rev 269997)
+++ trunk/Source/WTF/wtf/HexNumber.h 2020-11-18 23:50:34 UTC (rev 269998)
@@ -88,6 +88,9 @@
const HexNumberBuffer& m_buffer;
};
+class PrintStream;
+WTF_EXPORT_PRIVATE void printInternal(PrintStream&, HexNumberBuffer);
+
} // namespace WTF
using WTF::hex;
Modified: trunk/Source/WTF/wtf/LEBDecoder.h (269997 => 269998)
--- trunk/Source/WTF/wtf/LEBDecoder.h 2020-11-18 23:38:14 UTC (rev 269997)
+++ trunk/Source/WTF/wtf/LEBDecoder.h 2020-11-18 23:50:34 UTC (rev 269998)
@@ -38,13 +38,22 @@
template<typename T>
constexpr size_t maxByteLength()
{
- const size_t numBits = sizeof(T) * CHAR_BIT;
+ constexpr size_t numBits = sizeof(T) * CHAR_BIT;
return (numBits - 1) / 7 + 1; // numBits / 7 rounding up.
}
template<typename T>
+constexpr unsigned lastByteMask()
+{
+ constexpr size_t numBits = sizeof(T) * CHAR_BIT;
+ static_assert(numBits % 7);
+ return ~((1U << (numBits % 7)) - 1);
+}
+
+template<typename T>
inline bool WARN_UNUSED_RETURN decodeUInt(const uint8_t* bytes, size_t length, size_t& offset, T& result)
{
+ static_assert(std::is_unsigned_v<T>);
if (length <= offset)
return false;
result = 0;
@@ -55,7 +64,7 @@
result |= static_cast<T>(byte & 0x7f) << shift;
shift += 7;
if (!(byte & 0x80))
- return true;
+ return !(((maxByteLength<T>() - 1) == i && (byte & lastByteMask<T>())));
if (i == last)
return false;
}
@@ -66,8 +75,10 @@
template<typename T>
inline bool WARN_UNUSED_RETURN decodeInt(const uint8_t* bytes, size_t length, size_t& offset, T& result)
{
+ static_assert(std::is_signed_v<T>);
if (length <= offset)
return false;
+ using UnsignedT = typename std::make_unsigned<T>::type;
result = 0;
unsigned shift = 0;
size_t last = std::min(maxByteLength<T>(), length - offset) - 1;
@@ -74,15 +85,30 @@
uint8_t byte;
for (unsigned i = 0; true; ++i) {
byte = bytes[offset++];
- result |= static_cast<T>(byte & 0x7f) << shift;
+ result |= static_cast<T>(static_cast<UnsignedT>(byte & 0x7f) << shift);
shift += 7;
- if (!(byte & 0x80))
+ if (!(byte & 0x80)) {
+ if ((maxByteLength<T>() - 1) == i) {
+ if (!(byte & 0x40)) {
+ // This is a non-sign-extended, positive number. Then, the remaining bits should be (lastByteMask<T>() >> 1).
+ // For example, in the int32_t case, the last byte should be less than 0b00000111, since 7 * 4 + 3 = 31.
+ if (byte & (lastByteMask<T>() >> 1))
+ return false;
+ } else {
+ // This is sign-extended, negative number. Then, zero should not exists in (lastByteMask<T>() >> 1) bits except for the top bit.
+ // For example, in the int32_t case, the last byte should be 0b01111XXX and 1 part must be 1. Since we already checked 0x40 is 1,
+ // middle [3,5] bits must be zero (e.g. 0b01000111 is invalid). We convert 0b01111XXX =(| 0x80)=> 0b11111XXX =(~)=> 0b00000YYY.
+ // And check that we do not have 1 in upper 5 bits.
+ if (static_cast<uint8_t>(~(byte | 0x80)) & (lastByteMask<T>() >> 1))
+ return false;
+ }
+ }
break;
+ }
if (i == last)
return false;
}
- using UnsignedT = typename std::make_unsigned<T>::type;
const size_t numBits = sizeof(T) * CHAR_BIT;
if (shift < numBits && (byte & 0x40))
result = static_cast<T>(static_cast<UnsignedT>(result) | (static_cast<UnsignedT>(-1) << shift));
Modified: trunk/Tools/ChangeLog (269997 => 269998)
--- trunk/Tools/ChangeLog 2020-11-18 23:38:14 UTC (rev 269997)
+++ trunk/Tools/ChangeLog 2020-11-18 23:50:34 UTC (rev 269998)
@@ -1,3 +1,20 @@
+2020-11-17 Yusuke Suzuki <[email protected]>
+
+ [JSC] Improve Wasm binary test coverage
+ https://bugs.webkit.org/show_bug.cgi?id=204843
+
+ Reviewed by Darin Adler.
+
+ We add more tests for LEBDecoder. In particular, the added tests focus on the case which overflow bits.
+
+ * TestWebKitAPI/Tests/WTF/LEBDecoder.cpp:
+ (TestWebKitAPI::toString):
+ (TestWebKitAPI::testUInt32LEBDecode):
+ (TestWebKitAPI::TEST):
+ (TestWebKitAPI::testUInt64LEBDecode):
+ (TestWebKitAPI::testInt32LEBDecode):
+ (TestWebKitAPI::testInt64LEBDecode):
+
2020-11-18 Aakash Jain <[email protected]>
[ews] Add timeout to network requests
Modified: trunk/Tools/TestWebKitAPI/Tests/WTF/LEBDecoder.cpp (269997 => 269998)
--- trunk/Tools/TestWebKitAPI/Tests/WTF/LEBDecoder.cpp 2020-11-18 23:38:14 UTC (rev 269997)
+++ trunk/Tools/TestWebKitAPI/Tests/WTF/LEBDecoder.cpp 2020-11-18 23:50:34 UTC (rev 269998)
@@ -25,20 +25,33 @@
#include "config.h"
+#include <string>
#include <wtf/LEBDecoder.h>
#include <wtf/Vector.h>
namespace TestWebKitAPI {
+static std::string toString(const Vector<uint8_t>& vector)
+{
+ std::stringstream out;
+ out << std::hex;
+ out << "{ ";
+ for (uint8_t v : vector)
+ out << "0x" << std::setfill('0') << std::setw(2) << static_cast<unsigned>(v) << ", ";
+ out << "}";
+ return out.str();
+}
+
static void testUInt32LEBDecode(std::initializer_list<uint8_t> data, size_t startOffset, bool expectedStatus, uint32_t expectedResult, size_t expectedOffset)
{
Vector<uint8_t> vector(data);
+ auto string = toString(vector);
uint32_t result;
bool status = WTF::LEBDecoder::decodeUInt32(vector.data(), vector.size(), startOffset, result);
- EXPECT_EQ(expectedStatus, status);
+ EXPECT_EQ(expectedStatus, status) << string;
if (expectedStatus) {
- EXPECT_EQ(expectedResult, result);
- EXPECT_EQ(expectedOffset, startOffset);
+ EXPECT_EQ(expectedResult, result) << string;
+ EXPECT_EQ(expectedOffset, startOffset) << string;
}
}
@@ -51,7 +64,8 @@
testUInt32LEBDecode({ 0x89, 0x12 }, 0, true, 0x909lu, 2lu);
testUInt32LEBDecode({ 0xf3, 0x85, 0x02 }, 0, true, 0x82f3lu, 3lu);
testUInt32LEBDecode({ 0xf3, 0x85, 0xff, 0x74 }, 0, true, 0xe9fc2f3lu, 4lu);
- testUInt32LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0x7f }, 0, true, 0xfe9fc2f3lu, 5lu);
+ testUInt32LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0x0f }, 0, true, 0xfe9fc2f3lu, 5lu);
+ testUInt32LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0x0f }, 0, true, 0xfffffffflu, 5lu);
// Test with extra trailing numbers
testUInt32LEBDecode({ 0x07, 0x80 }, 0, true, 0x7lu, 1lu);
testUInt32LEBDecode({ 0x07, 0x75 }, 0, true, 0x7lu, 1lu);
@@ -75,17 +89,21 @@
testUInt32LEBDecode({ 0x80, 0x80, 0xab, 0x8a, 0x9a, 0xa3, 0xff }, 0, false, 0x0lu, 0lu);
// Test decode off end of array
testUInt32LEBDecode({ 0x80, 0x80, 0xab, 0x8a, 0x9a, 0xa3, 0xff }, 2, false, 0x0lu, 0lu);
+ // Test decode overflow
+ testUInt32LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0x1f }, 0, false, 0x0lu, 0lu);
+ testUInt32LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0x10 }, 0, false, 0x0lu, 0lu);
}
static void testUInt64LEBDecode(std::initializer_list<uint8_t> data, size_t startOffset, bool expectedStatus, uint64_t expectedResult, size_t expectedOffset)
{
Vector<uint8_t> vector(data);
+ auto string = toString(vector);
uint64_t result;
bool status = WTF::LEBDecoder::decodeUInt64(vector.data(), vector.size(), startOffset, result);
- EXPECT_EQ(expectedStatus, status);
+ EXPECT_EQ(expectedStatus, status) << string;
if (expectedStatus) {
- EXPECT_EQ(expectedResult, result);
- EXPECT_EQ(expectedOffset, startOffset);
+ EXPECT_EQ(expectedResult, result) << string;
+ EXPECT_EQ(expectedOffset, startOffset) << string;
}
}
@@ -104,7 +122,8 @@
testUInt64LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0xff, 0xcb, 0xba, 0x0f }, 0, true, 0x1eea5ffe9fc2f3lu, 8lu);
testUInt64LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0xff, 0xcb, 0xba, 0x8f, 0x69 }, 0, true, 0x691eea5ffe9fc2f3lu, 9lu);
testUInt64LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0xff, 0xcb, 0xba, 0x8f, 0xe9, 0x01 }, 0, true, 0xe91eea5ffe9fc2f3lu, 10lu);
- testUInt64LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0xff, 0xcb, 0xba, 0x8f, 0xe9, 0x70 }, 0, true, 0x691eea5ffe9fc2f3lu, 10lu);
+ testUInt64LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0xff, 0xcb, 0xba, 0x8f, 0xe9, 0x00 }, 0, true, 0x691eea5ffe9fc2f3lu, 10lu);
+ testUInt64LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01 }, 0, true, 0xfffffffffffffffflu, 10lu);
// Test with extra trailing numbers
testUInt64LEBDecode({ 0x07, 0x80 }, 0, true, 0x7lu, 1lu);
testUInt64LEBDecode({ 0x07, 0x75 }, 0, true, 0x7lu, 1lu);
@@ -135,17 +154,20 @@
testUInt64LEBDecode({ 0x80, 0x80, 0xab, 0x8a, 0x9a, 0xa3, 0xff }, 2, false, 0x0lu, 0lu);
testUInt64LEBDecode({ 0x80, 0x80, 0xab, 0x8a, 0x9a, 0xa3, 0xff }, 2, false, 0x0lu, 0lu);
testUInt64LEBDecode({ 0x92, 0xf3, 0x85, 0xff, 0xf4, 0xff, 0xcb, 0xba, 0x8f }, 1, false, 0x0lu, 0lu);
+ // Test decode overflow
+ testUInt64LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0xff, 0xcb, 0xba, 0x8f, 0xe9, 0x02 }, 0, false, 0x0lu, 0lu);
}
static void testInt32LEBDecode(std::initializer_list<uint8_t> data, size_t startOffset, bool expectedStatus, int32_t expectedResult, size_t expectedOffset)
{
Vector<uint8_t> vector(data);
+ auto string = toString(vector);
int32_t result;
bool status = WTF::LEBDecoder::decodeInt32(vector.data(), vector.size(), startOffset, result);
- EXPECT_EQ(expectedStatus, status);
+ EXPECT_EQ(expectedStatus, status) << string;
if (expectedStatus) {
- EXPECT_EQ(expectedResult, result);
- EXPECT_EQ(expectedOffset, startOffset);
+ EXPECT_EQ(expectedResult, result) << string;
+ EXPECT_EQ(expectedOffset, startOffset) << string;
}
}
@@ -159,6 +181,9 @@
testInt32LEBDecode({ 0xf3, 0x85, 0x02 }, 0, true, 0x82f3, 3lu);
testInt32LEBDecode({ 0xf3, 0x85, 0xff, 0x74 }, 0, true, 0xfe9fc2f3, 4lu);
testInt32LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0x7f }, 0, true, 0xfe9fc2f3, 5lu);
+ testInt32LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0x07 }, 0, true, INT32_MAX, 5lu);
+ testInt32LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0x7f }, 0, true, -1, 5lu);
+ testInt32LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0x7b }, 0, true, -1073741825, 5lu);
// Test with extra trailing numbers
testInt32LEBDecode({ 0x07, 0x80 }, 0, true, 0x7, 1lu);
testInt32LEBDecode({ 0x07, 0x75 }, 0, true, 0x7, 1lu);
@@ -182,17 +207,21 @@
testInt32LEBDecode({ 0x80, 0x80, 0xab, 0x8a, 0x9a, 0xa3, 0xff }, 0, false, 0x0, 0lu);
// Test decode off end of array
testInt32LEBDecode({ 0x80, 0x80, 0xab, 0x8a, 0x9a, 0xa3, 0xff }, 2, false, 0x0, 0lu);
+ // Test decode overflow
+ testInt32LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0x08 }, 0, false, 0, 0lu);
+ testInt32LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0x77 }, 0, false, 0, 0lu);
}
static void testInt64LEBDecode(std::initializer_list<uint8_t> data, size_t startOffset, bool expectedStatus, int64_t expectedResult, size_t expectedOffset)
{
Vector<uint8_t> vector(data);
+ auto string = toString(vector);
int64_t result;
bool status = WTF::LEBDecoder::decodeInt64(vector.data(), vector.size(), startOffset, result);
- EXPECT_EQ(expectedStatus, status);
+ EXPECT_EQ(expectedStatus, status) << string;
if (expectedStatus) {
- EXPECT_EQ(expectedResult, result);
- EXPECT_EQ(expectedOffset, startOffset);
+ EXPECT_EQ(expectedResult, result) << string;
+ EXPECT_EQ(expectedOffset, startOffset) << string;
}
}
@@ -210,8 +239,12 @@
testInt64LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0x8f, 0x1a }, 0, true, 0xd0fe9fc2f3, 6lu);
testInt64LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0x8f, 0x9a, 0x80, 0x2a }, 0, true, 0x5400d0fe9fc2f3, 8lu);
testInt64LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0x8f, 0x9a, 0x80, 0xaa, 0x41 }, 0, true, 0xc15400d0fe9fc2f3, 9lu);
- testInt64LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0x8f, 0x9a, 0x80, 0xaa, 0xc1, 0x01 }, 0, true, 0xc15400d0fe9fc2f3, 10lu);
- testInt64LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0x8f, 0x9a, 0x80, 0xaa, 0xc1, 0x62 }, 0, true, 0x415400d0fe9fc2f3, 10lu);
+ testInt64LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, }, 0, true, INT64_MAX >> 1, 9lu);
+ testInt64LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, }, 0, true, -1, 9lu);
+ testInt64LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00 }, 0, true, INT64_MAX, 10lu);
+ testInt64LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }, 0, true, -1, 10lu);
+ testInt64LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0x8f, 0x9a, 0x80, 0xaa, 0xc1, 0x7f }, 0, true, 0xc15400d0fe9fc2f3, 10lu);
+ testInt64LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0x8f, 0x9a, 0x80, 0xaa, 0xc1, 0x00 }, 0, true, 0x415400d0fe9fc2f3, 10lu);
// Test with extra trailing numbers
testInt64LEBDecode({ 0x07, 0x80 }, 0, true, 0x7, 1lu);
testInt64LEBDecode({ 0x07, 0x75 }, 0, true, 0x7, 1lu);
@@ -233,8 +266,12 @@
testInt64LEBDecode({ 0x80, 0x80, 0x80, 0x80, 0x80, 0x80 }, 0, false, 0x0, 0lu);
testInt64LEBDecode({ 0x80, 0x80, 0xab, 0x8a, 0x9a, 0xa3, 0xff }, 1, false, 0x0, 0lu);
testInt64LEBDecode({ 0x80, 0x80, 0xab, 0x8a, 0x9a, 0xa3, 0xff }, 0, false, 0x0, 0lu);
+ testInt64LEBDecode({ 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x00 }, 0, false, 0lu, 0lu);
// Test decode off end of array
testInt64LEBDecode({ 0x80, 0x80, 0xab, 0x8a, 0x9a, 0xa3, 0xff }, 2, false, 0x0, 0lu);
+ // Test decode overflow
+ testInt64LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01 }, 0, false, 0, 0lu);
+ testInt64LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7e }, 0, false, 0, 0lu);
}
_______________________________________________ webkit-changes mailing list [email protected] https://lists.webkit.org/mailman/listinfo/webkit-changes
