fuzzbug fix

2021-12-24 00:35:18 -08:00 · 2021-12-24 00:35:18 -08:00 · 4cfff0275f
parent f92ea9a556
commit 4cfff0275f
2 changed files with 14 additions and 25 deletions
--- a/src/backend/final.rs
+++ b/src/backend/final.rs
@ -64,13 +64,9 @@ impl Wasm {
                self.translate_target(0, target, locations);
            }
            SerializedOperator::BrIf {
                cond,
                ref if_true,
                ref if_false,
            } => {
                let loc = *locations.locations.get(&(*cond, 0)).unwrap();
                self.operators
                    .push(wasm_encoder::Instruction::LocalGet(loc));
                self.operators.push(wasm_encoder::Instruction::If(
                    wasm_encoder::BlockType::Empty,
                ));
@ -80,19 +76,16 @@ impl Wasm {
                self.operators.push(wasm_encoder::Instruction::End);
            }
            SerializedOperator::BrTable {
                index,
                ref targets,
                ref default,
            } => {
                let ty = self.create_type(vec![wasm_encoder::ValType::I32], vec![]);
                for _ in 0..(targets.len() + 2) {
                    self.operators.push(wasm_encoder::Instruction::Block(
-                        wasm_encoder::BlockType::Empty,
+                        wasm_encoder::BlockType::FunctionType(ty),
                    ));
                }
                let loc = *locations.locations.get(&(*index, 0)).unwrap();
                self.operators
                    .push(wasm_encoder::Instruction::LocalGet(loc));
                let br_table_targets = (1..=targets.len()).map(|i| i as u32).collect::<Vec<_>>();
                self.operators.push(wasm_encoder::Instruction::BrTable(
                    Cow::Owned(br_table_targets),
--- a/src/backend/serialize.rs
+++ b/src/backend/serialize.rs
@ -42,12 +42,10 @@ pub enum SerializedOperator {
    },
    Br(SerializedBlockTarget),
    BrIf {
        cond: Value,
        if_true: SerializedBlockTarget,
        if_false: SerializedBlockTarget,
    },
    BrTable {
        index: Value,
        targets: Vec<SerializedBlockTarget>,
        default: SerializedBlockTarget,
    },
@ -80,20 +78,16 @@ impl SerializedOperator {
                target.visit_value_locals(r, w);
            }
            &SerializedOperator::BrIf {
                cond,
                ref if_true,
                ref if_false,
            } => {
                r(cond, 0);
                if_true.visit_value_locals(r, w);
                if_false.visit_value_locals(r, w);
            }
            &SerializedOperator::BrTable {
                index,
                ref default,
                ref targets,
            } => {
                r(index, 0);
                default.visit_value_locals(r, w);
                for target in targets {
                    target.visit_value_locals(r, w);
@ -274,21 +268,23 @@ impl<'a> SerializedBodyContext<'a> {
                        let mut iter = targets.into_iter();
                        let if_true = iter.next().unwrap();
                        let if_false = iter.next().unwrap();
-                        self.operators.push(SerializedOperator::BrIf {
+                        let mut rev_ops = vec![];
-                            cond,
+                        self.push_value(cond, &mut rev_ops);
-                            if_true,
+                        rev_ops.reverse();
-                            if_false,
+                        self.operators.extend(rev_ops);
-                        });
+                        self.operators
                            .push(SerializedOperator::BrIf { if_true, if_false });
                    }
                    &Terminator::Select { value, .. } => {
                        let mut iter = targets.into_iter();
                        let default = iter.next().unwrap();
                        let targets = iter.collect::<Vec<_>>();
-                        self.operators.push(SerializedOperator::BrTable {
+                        let mut rev_ops = vec![];
-                            index: value,
+                        self.push_value(value, &mut rev_ops);
-                            targets,
+                        rev_ops.reverse();
-                            default,
+                        self.operators.extend(rev_ops);
-                        });
+                        self.operators
                            .push(SerializedOperator::BrTable { targets, default });
                    }
                    &Terminator::Return { ref values, .. } => {
                        let mut rev_ops = vec![];