[wasm][fuzzer] Check that global init. does not start beyond code end

Bug: chromium:1104053 Change-Id: Iacfeeb80ab981f20dc2fc40cf8435514876fcf28 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2307233 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/master@{#68944}
2020-07-20 11:01:09 +00:00 · 2020-07-20 11:01:09 +00:00 · e0ab786410
commit e0ab786410
parent 90271b75d0
1 changed files with 4 additions and 0 deletions
--- a/src/wasm/module-decoder.cc
+++ b/src/wasm/module-decoder.cc
@ -1638,6 +1638,10 @@ class ModuleDecoderImpl : public Decoder {
  }

  WasmInitExpr consume_init_expr(WasmModule* module, ValueType expected) {
+    if (pc() >= end()) {
+      error(pc(), "Global initializer starting beyond code end");
+      return {};
+    }
    constexpr Decoder::ValidateFlag validate = Decoder::kValidate;
    WasmOpcode opcode = kExprNop;
    std::vector<WasmInitExpr> stack;