[wasm] Fix bounds check in LoadDataSegments.

The bounds check in LoadDataSegment was off by one. I also improved the
error message, and fixed an issue where data was initialized even if
the bounds check failed.

In InstantiateModuleForTesting I allow instantiation of modules without
exports. This check was legacy code from the time where instantiation
and execution was still combined in a single function.

R=titzer@chromium.org, rossberg@chromium.org
TEST=cctest/test-run-wasm-module/InitDataAtTheUpperLimit

Review-Url: https://codereview.chromium.org/2486183002
Cr-Commit-Position: refs/heads/master@{#40856}

src/wasm/wasm-module.cc

@@ -1366,8 +1366,12 @@ class WasmInstanceBuilder {
       uint32_t dest_offset = EvalUint32InitExpr(segment.dest_addr);
       uint32_t source_size = segment.source_size;
       if (dest_offset >= mem_size || source_size >= mem_size ||
-          dest_offset >= (mem_size - source_size)) {
-        thrower_->RangeError("data segment does not fit into memory");
+          dest_offset > (mem_size - source_size)) {
+        thrower_->RangeError(
+            "data segment (start = %u, size = %u) does not fit into memory "
+            "(size = %zu)",
+            dest_offset, source_size, mem_size);
+        return;
       }
       byte* dest = mem_addr + dest_offset;
       const byte* src = reinterpret_cast<const byte*>(

test/cctest/wasm/test-run-wasm-module.cc

@@ -802,3 +802,40 @@ TEST(Run_WasmModule_Global_f64) {
   RunWasmModuleGlobalInitTest<double>(kAstF64, -833.9);
   RunWasmModuleGlobalInitTest<double>(kAstF64, 86374.25);
 }
+
+TEST(InitDataAtTheUpperLimit) {
+  {
+    Isolate* isolate = CcTest::InitIsolateOnce();
+    HandleScope scope(isolate);
+    testing::SetupIsolateForWasmModule(isolate);
+
+    ErrorThrower thrower(isolate, "Run_WasmModule_InitDataAtTheUpperLimit");
+
+    const byte data[] = {
+        WASM_MODULE_HEADER,     // --
+        kMemorySectionCode,     // --
+        U32V_1(4),              // section size
+        ENTRY_COUNT(1),         // --
+        kResizableMaximumFlag,  // --
+        1,                      // initial size
+        2,                      // maximum size
+        kDataSectionCode,       // --
+        U32V_1(9),              // section size
+        ENTRY_COUNT(1),         // --
+        0,                      // linear memory index
+        WASM_I32V_3(0xffff),    // destination offset
+        kExprEnd,
+        U32V_1(1),  // source size
+        'c'         // data bytes
+    };
+
+    testing::CompileInstantiateWasmModuleForTesting(isolate, &thrower, data,
+                                                    data + arraysize(data),
+                                                    ModuleOrigin::kWasmOrigin);
+    if (thrower.error()) {
+      thrower.Reify()->Print();
+      CHECK(false);
+    }
+  }
+  Cleanup();
+}

test/common/wasm/wasm-module-runner.cc

@@ -54,9 +54,7 @@ const Handle<JSObject> InstantiateModuleForTesting(Isolate* isolate,
   if (module->import_table.size() > 0) {
     thrower->CompileError("Not supported: module has imports.");
   }
-  if (module->export_table.size() == 0) {
-    thrower->CompileError("Not supported: module has no exports.");
-  }
+
   if (thrower->error()) return Handle<JSObject>::null();
 
   // Although we decoded the module for some pre-validation, run the bytes