Commit 059aa20

Fix IRBuilder on local operations outside of a function context (#7183)
IRBuilder needs to check for a function context before doing func->getLocalType(). Without such a check, a bad binary with a local operation in, say, a global init would lead to a crash. We don't actually need this for local.set, unlike tee and get, since it doesn't call getLocalType, but this PR adds that too for consistency of errors. No other operations in IRBuilder were missing this check aside from local operations. Fixes #7178
1 parent 1911e0b commit 059aa20

7 files changed

Lines changed: 39 additions & 0 deletions

src/wasm/wasm-ir-builder.cpp

Lines changed: 9 additions & 0 deletions
@@ -1259,11 +1259,17 @@ Result<> IRBuilder::makeCallIndirect(Name table, HeapType type, bool isReturn) {
12591259
}
12601260

12611261
Result<> IRBuilder::makeLocalGet(Index local) {
1262+
if (!func) {
1263+
return Err{"local.get is only valid in a function context"};
1264+
}
12621265
push(builder.makeLocalGet(local, func->getLocalType(local)));
12631266
return Ok{};
12641267
}
12651268

12661269
Result<> IRBuilder::makeLocalSet(Index local) {
1270+
if (!func) {
1271+
return Err{"local.set is only valid in a function context"};
1272+
}
12671273
LocalSet curr;
12681274
curr.index = local;
12691275
CHECK_ERR(visitLocalSet(&curr));
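Review bot: In makeLocalGet the new guard handles a missing function, but the following line still passes `local` straight to func->getLocalType(local), and nothing visible in this hunk checks that the index is within the function's locals. If that is not validated earlier on this path, a malformed binary with an out-of-range local index deserves the same treatment: return an Err before the lookup rather than relying on getLocalType to cope with it.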
@@ -1272,6 +1278,9 @@ Result<> IRBuilder::makeLocalSet(Index local) {
12721278
}
12731279

12741280
Result<> IRBuilder::makeLocalTee(Index local) {
1281+
if (!func) {
1282+
return Err{"local.tee is only valid in a function context"};
1283+
}
12751284
LocalSet curr;
12761285
curr.index = local;
12771286
CHECK_ERR(visitLocalSet(&curr));
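Review bot: The guard at the top of makeLocalTee is the third copy of the same three-line check, differing only in the instruction name inside the message. A small private helper that takes the instruction name and returns the Err, invoked through CHECK_ERR as the visitLocalSet call below already is, would keep the wording identical across get, set and tee and leave one place to extend if another function-only operation turns up.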
Lines changed: 10 additions & 0 deletions
@@ -0,0 +1,10 @@
1+
RUN: not wasm-opt --debug %s.wasm 2>&1 | filecheck %s
2+
3+
;; Check that we get the expected error for an input binary that looks like
4+
;; this:
5+
;;
6+
;; (module
7+
;; (global $g i32 (local.get 0))
8+
;; )
9+
10+
;; CHECK: local.get is only valid in a function context
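Review bot: The RUN line passes --debug, but the file does not say why, and the CHECK line only matches the error string. If the message is printed without the flag, drop it so the test covers the default path a user hits; if the flag is needed for the message to appear, add a ;; comment saying so.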
16 Bytes
Binary file not shown.
Lines changed: 10 additions & 0 deletions
@@ -0,0 +1,10 @@
1+
RUN: not wasm-opt --debug %s.wasm 2>&1 | filecheck %s
2+
3+
;; Check that we get the expected error for an input binary that looks like
4+
;; this:
5+
;;
6+
;; (module
7+
;; (global $g i32 (local.set 0 (i32.const 1)))
8+
;; )
9+
10+
;; CHECK: local.set is only valid in a function context
18 Bytes
Binary file not shown.
Lines changed: 10 additions & 0 deletions
@@ -0,0 +1,10 @@
1+
RUN: not wasm-opt --debug %s.wasm 2>&1 | filecheck %s
2+
3+
;; Check that we get the expected error for an input binary that looks like
4+
;; this:
5+
;;
6+
;; (module
7+
;; (global $g i32 (local.tee 0 (i32.const 1)))
8+
;; )
9+
10+
;; CHECK: local.tee is only valid in a function context
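Review bot: Like the other two new tests, the module shown in the comment places the local operation in a global initializer only. If IRBuilder is also driven without a function for other constant expressions, such as segment offsets, one test for that context would confirm the guard covers it and not just globals.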
18 Bytes
Binary file not shown.