-
Notifications
You must be signed in to change notification settings - Fork 745
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Handle extended const segment offsets in the fuzzer #6382
Conversation
This stack of pull requests is managed by Graphite. Learn more about stacking. |
// If the offset is a global that was imported (which is ok) but no | ||
// longer is (not ok) we need to change that. | ||
if (auto* offset = segment->offset->dynCast<GlobalGet>()) { | ||
if (!wasm.getGlobal(offset->name)->imported()) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why did the check for ->imported()
go away? I think we only need to zero it out of there is a global.get
that is not imported.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, I see that finalizeMemory
does do this check, but with a note that imported globals are never encountered. Indeed, setupGlobals
removes all imports. I guess I can follow finalizeMemory
's lead here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Another option might be to assert on not seeing an import there - lgtm either way.
Oh yes, assertions make much more sense. Will change both cases. |
The fuzzer already had logic to remove all references to non-imported globals from global initializers and data segment offsets, but it was missing for element segment offsets. Add it, and also add a missing check line for the new test that uncovered this bug as initial fuzzer input.
ad7c8d3
to
979b615
Compare
The fuzzer already had logic to remove all references to non-imported globals
from global initializers and data segment offsets, but it was missing for
element segment offsets. Add it, and also add a missing check line for the new
test that uncovered this bug as initial fuzzer input.