Validate tag attribute field and empty tag result type.

woess · woess · commit ab1d6363ae18 · 2025-10-01T15:11:24.000+02:00
Throw on tag import and export identifiers if exception handling is disabled.
diff --git a/wasm/src/org.graalvm.wasm.test/src/org/graalvm/wasm/test/suites/validation/ValidationSuite.java b/wasm/src/org.graalvm.wasm.test/src/org/graalvm/wasm/test/suites/validation/ValidationSuite.java
@@ -205,7 +205,7 @@ public static Collection<Object[]> data() {
                                         Failure.Type.MALFORMED),
                         binaryCase(
                                         "Global - invalid modified",
-                                        "Invalid mutability flag: 2",
+                                        "Invalid mutability flag: 0x02",
                                         "00 61 73 6D 01 00 00 00 06 06 01 7F 02 41 00 0B",
                                         Failure.Type.MALFORMED),
                         binaryCase(
@@ -993,7 +993,24 @@ public static Collection<Object[]> data() {
                                         "Data Count Section - not supported",
                                         "invalid section ID: 12",
                                         "00 61 73 6D 01 00 00 00 0C 00",
-                                        Failure.Type.MALFORMED));
+                                        Failure.Type.MALFORMED),
+
+                        // Tag section
+                        binaryCase(
+                                        "Tag section - invalid attribute",
+                                        "Invalid tag attribute: 0x01",
+                                        "00 61 73 6d 01 00 00 00 " +
+                                                        "01 04 01 60 00 00 " + // type section
+                                                        "0d 03 01 01 00", // tag section
+                                        Failure.Type.MALFORMED),
+                        binaryCase(
+                                        "Tag section - non-empty result type",
+                                        "non-empty tag result type: 1 should = 0",
+                                        // (module (tag (result i32)))
+                                        "00 61 73 6d 01 00 00 00 " +
+                                                        "01 05 01 60 00 01 7f " + // type section
+                                                        "0d 03 01 00 00", // tag section
+                                        Failure.Type.INVALID));
     }
 
     private final String expectedErrorMessage;
diff --git a/wasm/src/org.graalvm.wasm/src/org/graalvm/wasm/BinaryParser.java b/wasm/src/org.graalvm.wasm/src/org/graalvm/wasm/BinaryParser.java
@@ -450,14 +450,17 @@ private void readImportSection() {
                     break;
                 }
                 case ImportIdentifier.TAG: {
-                    final byte attribute = read1();
+                    if (!exceptions) {
+                        fail(Failure.MALFORMED_IMPORT_KIND, "Invalid import type identifier: 0x%02x", importType);
+                    }
+                    final byte attribute = readTagAttribute();
                     final int typeIndex = readTypeIndex();
                     final int tagIndex = module.symbolTable().tagCount();
                     module.symbolTable().importTag(moduleName, memberName, tagIndex, attribute, typeIndex);
                     break;
                 }
                 default: {
-                    fail(Failure.MALFORMED_IMPORT_KIND, "Invalid import type identifier: 0x%02X", importType);
+                    fail(Failure.MALFORMED_IMPORT_KIND, "Invalid import type identifier: 0x%02x", importType);
                 }
             }
         }
@@ -2932,12 +2935,15 @@ private void readExportSection() {
                     break;
                 }
                 case ExportIdentifier.TAG: {
+                    if (!exceptions) {
+                        fail(Failure.UNSPECIFIED_MALFORMED, "Invalid export type identifier: 0x%02x", exportType);
+                    }
                     final int index = readTagIndex();
                     module.symbolTable().exportTag(index, exportName);
                     break;
                 }
                 default: {
-                    fail(Failure.UNSPECIFIED_MALFORMED, "Invalid export type identifier: 0x%02X", exportType);
+                    fail(Failure.UNSPECIFIED_MALFORMED, "Invalid export type identifier: 0x%02x", exportType);
                 }
             }
         }
@@ -2950,8 +2956,7 @@ private void readTagSection() {
         for (int tagIndex = startingTagIndex; tagIndex != startingTagIndex + tagCount; tagIndex++) {
             assertTrue(!isEOF(), Failure.LENGTH_OUT_OF_BOUNDS);
             // 0x00 means exception
-            final byte attribute = read1();
-            assertByteEqual(attribute, (byte) WasmTag.Attribute.EXCEPTION, Failure.MALFORMED_TAG_ATTRIBUTE);
+            final byte attribute = readTagAttribute();
             final int type = readTypeIndex();
 
             module.symbolTable().allocateTag(tagIndex, attribute, type);
diff --git a/wasm/src/org.graalvm.wasm/src/org/graalvm/wasm/BinaryStreamParser.java b/wasm/src/org.graalvm.wasm/src/org/graalvm/wasm/BinaryStreamParser.java
@@ -204,7 +204,25 @@ protected byte peekMutability() {
         } else if (mut == GlobalModifier.MUTABLE) {
             return mut;
         } else {
-            throw Assert.fail(Failure.MALFORMED_MUTABILITY, "Invalid mutability flag: " + mut);
+            throw Assert.fail(Failure.MALFORMED_MUTABILITY, "Invalid mutability flag: 0x%02x", mut);
+        }
+    }
+
+    /**
+     * Reads the attribute of a tag (uint8).
+     */
+    protected byte readTagAttribute() {
+        final byte attribute = peekTagAttribute();
+        offset++;
+        return attribute;
+    }
+
+    protected byte peekTagAttribute() {
+        final byte attribute = peek1();
+        if (attribute == WasmTag.Attribute.EXCEPTION) {
+            return attribute;
+        } else {
+            throw Assert.fail(Failure.MALFORMED_TAG_ATTRIBUTE, "Invalid tag attribute: 0x%02x", attribute);
         }
     }
 
diff --git a/wasm/src/org.graalvm.wasm/src/org/graalvm/wasm/SymbolTable.java b/wasm/src/org.graalvm.wasm/src/org/graalvm/wasm/SymbolTable.java
@@ -1184,6 +1184,7 @@ public void importTag(String moduleName, String tagName, int index, byte attribu
     }
 
     void addTag(int index, byte attribute, int typeIndex) {
+        assertIntEqual(functionTypeResultCount(typeIndex), 0, Failure.NON_EMPTY_TAG_RESULT_TYPE);
         ensureTagCapacity(index);
         final TagInfo tag = new TagInfo(attribute, typeIndex);
         tags[index] = tag;
diff --git a/wasm/src/org.graalvm.wasm/src/org/graalvm/wasm/exception/Failure.java b/wasm/src/org.graalvm.wasm/src/org/graalvm/wasm/exception/Failure.java
@@ -76,6 +76,7 @@ public enum Failure {
     UNSPECIFIED_INVALID(Type.INVALID, "unspecified"),
     TYPE_MISMATCH(Type.INVALID, "type mismatch"),
     INVALID_RESULT_ARITY(Type.INVALID, "invalid result arity"),
+    NON_EMPTY_TAG_RESULT_TYPE(Type.INVALID, "non-empty tag result type"),
     MULTIPLE_MEMORIES(Type.INVALID, "multiple memories"),
     MULTIPLE_TABLES(Type.INVALID, "multiple tables"),
     LOOP_INPUT(Type.INVALID, "non-empty loop input type"),

Original file line number	Diff line number	Diff line change
`@@ -450,14 +450,17 @@ private void readImportSection() {`
`450`	`450`	`break;`
`451`	`451`	`}`
`452`	`452`	`case ImportIdentifier.TAG: {`
`453`		`- final byte attribute = read1();`
	`453`	`+ if (!exceptions) {`
	`454`	`+ fail(Failure.MALFORMED_IMPORT_KIND, "Invalid import type identifier: 0x%02x", importType);`
	`455`	`+ }`
	`456`	`+ final byte attribute = readTagAttribute();`
`454`	`457`	`final int typeIndex = readTypeIndex();`
`455`	`458`	`final int tagIndex = module.symbolTable().tagCount();`
`456`	`459`	`module.symbolTable().importTag(moduleName, memberName, tagIndex, attribute, typeIndex);`
`457`	`460`	`break;`
`458`	`461`	`}`
`459`	`462`	`default: {`
`460`		`- fail(Failure.MALFORMED_IMPORT_KIND, "Invalid import type identifier: 0x%02X", importType);`
	`463`	`+ fail(Failure.MALFORMED_IMPORT_KIND, "Invalid import type identifier: 0x%02x", importType);`
`461`	`464`	`}`
`462`	`465`	`}`
`463`	`466`	`}`
`@@ -2932,12 +2935,15 @@ private void readExportSection() {`
`2932`	`2935`	`break;`
`2933`	`2936`	`}`
`2934`	`2937`	`case ExportIdentifier.TAG: {`
	`2938`	`+ if (!exceptions) {`
	`2939`	`+ fail(Failure.UNSPECIFIED_MALFORMED, "Invalid export type identifier: 0x%02x", exportType);`
	`2940`	`+ }`
`2935`	`2941`	`final int index = readTagIndex();`
`2936`	`2942`	`module.symbolTable().exportTag(index, exportName);`
`2937`	`2943`	`break;`
`2938`	`2944`	`}`
`2939`	`2945`	`default: {`
`2940`		`- fail(Failure.UNSPECIFIED_MALFORMED, "Invalid export type identifier: 0x%02X", exportType);`
	`2946`	`+ fail(Failure.UNSPECIFIED_MALFORMED, "Invalid export type identifier: 0x%02x", exportType);`
`2941`	`2947`	`}`
`2942`	`2948`	`}`
`2943`	`2949`	`}`
`@@ -2950,8 +2956,7 @@ private void readTagSection() {`
`2950`	`2956`	`for (int tagIndex = startingTagIndex; tagIndex != startingTagIndex + tagCount; tagIndex++) {`
`2951`	`2957`	`assertTrue(!isEOF(), Failure.LENGTH_OUT_OF_BOUNDS);`
`2952`	`2958`	`// 0x00 means exception`
`2953`		`- final byte attribute = read1();`
`2954`		`- assertByteEqual(attribute, (byte) WasmTag.Attribute.EXCEPTION, Failure.MALFORMED_TAG_ATTRIBUTE);`
	`2959`	`+ final byte attribute = readTagAttribute();`
`2955`	`2960`	`final int type = readTypeIndex();`
`2956`	`2961`
`2957`	`2962`	`module.symbolTable().allocateTag(tagIndex, attribute, type);`
Original file line number	Diff line number	Diff line change
`@@ -1184,6 +1184,7 @@ public void importTag(String moduleName, String tagName, int index, byte attribu`
`1184`	`1184`	`}`
`1185`	`1185`
`1186`	`1186`	`void addTag(int index, byte attribute, int typeIndex) {`
	`1187`	`+ assertIntEqual(functionTypeResultCount(typeIndex), 0, Failure.NON_EMPTY_TAG_RESULT_TYPE);`
`1187`	`1188`	`ensureTagCapacity(index);`
`1188`	`1189`	`final TagInfo tag = new TagInfo(attribute, typeIndex);`
`1189`	`1190`	`tags[index] = tag;`