From 6ebc808a9b4590aeb174ace17ed7aed6f17eebdd Mon Sep 17 00:00:00 2001
From: Keno Fischer <keno@juliacomputing.com>
Date: Fri, 9 Aug 2019 19:42:22 -0400
Subject: [PATCH] [wasm][anyref] fix decoding of table index immediates

Before dd6f4d4f4cae, this function was reading a single u8 and verifying
that it was 0x00. The referenced commit dropped this check as part of
implementing decoding for table.get, but neglected to change the read type
to u32v, which is the specified type of this immediate. Fix that.

R=ahaas@chromium.org, titzer@chromium.org

Change-Id: Ic2ce795023ec57be2c95aa79e62d3ccd1aa9c43c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1747178
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63281}
---
 AUTHORS                                               | 1 +
 src/wasm/function-body-decoder-impl.h                 | 2 +-
 test/unittests/wasm/function-body-decoder-unittest.cc | 3 +++
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/AUTHORS b/AUTHORS
index ec4fe71321..1198de8f35 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -39,6 +39,7 @@ Vewd Software AS <*@vewd.com>
 Groupon <*@groupon.com>
 Meteor Development Group <*@meteor.com>
 Cloudflare, Inc. <*@cloudflare.com>
+Julia Computing, Inc. <*@juliacomputing.com>
 
 Aaron Bieber <deftly@gmail.com>
 Abdulla Kamar <abdulla.kamar@gmail.com>
diff --git a/src/wasm/function-body-decoder-impl.h b/src/wasm/function-body-decoder-impl.h
index 2034b354d4..e54c50611f 100644
--- a/src/wasm/function-body-decoder-impl.h
+++ b/src/wasm/function-body-decoder-impl.h
@@ -395,7 +395,7 @@ struct TableIndexImmediate {
   unsigned length = 1;
   inline TableIndexImmediate() = default;
   inline TableIndexImmediate(Decoder* decoder, const byte* pc) {
-    index = decoder->read_u8<validate>(pc + 1, "table index");
+    index = decoder->read_u32v<validate>(pc + 1, &length, "table index");
   }
 };
 
diff --git a/test/unittests/wasm/function-body-decoder-unittest.cc b/test/unittests/wasm/function-body-decoder-unittest.cc
index 725f7f4a59..a9107fe6da 100644
--- a/test/unittests/wasm/function-body-decoder-unittest.cc
+++ b/test/unittests/wasm/function-body-decoder-unittest.cc
@@ -2104,6 +2104,9 @@ TEST_F(FunctionBodyDecoderTest, TableGet) {
   ExpectValidates(
       &sig,
       {WASM_SET_LOCAL(local_func, WASM_TABLE_GET(tab_func2, WASM_I32V(7)))});
+  ExpectValidates(
+      &sig, {WASM_SET_LOCAL(local_ref, WASM_SEQ(WASM_I32V(6), kExprTableGet,
+                                                U32V_2(tab_ref1)))});
 
   // We can store funcref values as anyref, but not the other way around.
   ExpectFailure(&sig, {WASM_SET_LOCAL(local_func,