Source code
Revision control
Copy as Markdown
Other Tools
// |jit-test| skip-if: !wasmIsSupported()
load(libdir + "asserts.js");
enableGeckoProfilingWithSlowAssertions();
// Test that invalid wasm opcodes with b1 > UINT16_MAX don't crash when profiling.
// The module has a valid header but contains an invalid prefix opcode (0xfc) followed
// by an LEB128-encoded value that exceeds UINT16_MAX, which triggers the bug.
function loadModule() {
new WebAssembly.Module(new Uint8Array([
// WASM magic
0x00, 0x61, 0x73, 0x6d,
// version 1
0x01, 0x00, 0x00, 0x00,
// type section: 1 type
0x01, 0x04, 0x01,
// function type: () -> ()
0x60, 0x00, 0x00,
// function section: 1 function of type 0
0x03, 0x02, 0x01, 0x00,
// code section: 1 function body
0x0a, 0x09, 0x01,
// function body: size 7, 0 locals
0x07, 0x00,
// misc prefix opcode
0xfc,
// LEB128: 4294967295 (> UINT16_MAX, triggers bug)
0xff, 0xff, 0xff, 0xff, 0x0f
]));
}
assertThrowsInstanceOf(loadModule, WebAssembly.CompileError);