[wasm] Do not generate a loop stack check upon a decoder error.

A decoder error sets builder_ to null, which causes builder_->StackCheck to segfault. R=titzer@chromium.org TEST=mjsunit/regress/wasm/loop-stack-check Review-Url: https://codereview.chromium.org/2416873002 Cr-Commit-Position: refs/heads/master@{#40271}
2016-10-13 07:32:46 -07:00 · 2016-10-13 07:32:46 -07:00 · fa1f9c37d1
commit fa1f9c37d1
parent 0bf492215c
2 changed files with 20 additions and 0 deletions
--- a/src/wasm/ast-decoder.cc
+++ b/src/wasm/ast-decoder.cc
@ -1627,6 +1627,7 @@ class WasmFullDecoder : public WasmDecoder {
    builder_->Terminate(env->effect, env->control);
    if (FLAG_wasm_loop_assignment_analysis) {
      BitVector* assigned = AnalyzeLoopAssignment(pc);
+      if (failed()) return env;
      if (assigned != nullptr) {
        // Only introduce phis for variables assigned in this loop.
        for (int i = EnvironmentCount() - 1; i >= 0; i--) {
--- a/test/mjsunit/regress/wasm/loop-stack-check.js
+++ b/test/mjsunit/regress/wasm/loop-stack-check.js
@ -0,0 +1,19 @@
+// Copyright 2016 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --expose-wasm
+
+load("test/mjsunit/wasm/wasm-constants.js");
+load("test/mjsunit/wasm/wasm-module-builder.js");
+
+(function() {
+  var builder = new WasmModuleBuilder();
+  builder.addFunction("foo", kSig_i_ii)
+    .addBody([
+        kExprLoop, 00,
+        kExprBrTable, 0xfb, 0xff, 0xff, 0xff,
+              ])
+              .exportFunc();
+  assertThrows(function() { builder.instantiate(); });
+})();