Crash and Assertion failed in wasm2js #2288

Closed
@gaintcome

Hi,

I observed two failures in wasm2js, a crash and a failed assertion (based on commit 7773426). The PoC files are attached.

How to reproduce:

 wasm2js poc 

poc.zip

Report of backtrace in gdb

Assertion failed

#0  0x00007ffff6f78428 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007ffff6f7a02a in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007ffff6f70bd7 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#3  0x00007ffff6f70c82 in __assert_fail () from /lib/x86_64-linux-gnu/libc.so.6
#4  0x0000000000f1bad3 in wasm::asmangle (name=<incomplete type>) at binaryen/src/asmjs/asmangle.cpp:26
#5  0x0000000000a982ee in wasm::Wasm2JSBuilder::fromName (this=0x7fffffffc718, name=..., scope=wasm::NameScope::Top)
    at binaryen/src/wasm2js.h:207
#6  0x0000000000a72a0c in wasm::Wasm2JSBuilder::processWasm (this=0x7fffffffc718, wasm=0x7fffffffd450, funcName=...)
    at binaryen/src/wasm2js.h:384
#7  0x0000000000a7ac9f in (anonymous namespace)::emitWasm (wasm=..., output=..., flags=..., options=..., name=...)
    at binaryen/src/tools/wasm2js.cpp:502
#8  0x0000000000a79bc2 in main (argc=0x2, argv=0x7fffffffdcb8) at binaryen/src/tools/wasm2js.cpp:925
#9  0x00007ffff6f63830 in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#10 0x0000000000a71219 in _start ()

Crash

Stopped reason: SIGSEGV

#0  0x0000000000e561b4 in wasm::LocalSet::finalize (this=0x1486b40) at binaryen/src/wasm/wasm.cpp:465
#1  0x0000000000b13832 in wasm::Builder::makeLocalSet (this=0x7fffffffac78, index=0x0, value=0x0) at binaryen/src/wasm-builder.h:244
#2  0x0000000000f2dbe9 in wasm::ExpressionManipulator::flexibleCopy(wasm::Expression*, wasm::Module&, std::function<wasm::Expression* (wasm::Expression*)>)::Copier::visitLocalSet(wasm::LocalSet*) (this=0x7fffffffac50, curr=0x7ffff0000b10) at binaryen/src/ir/ExpressionManipulator.cpp:96
#3  0x0000000000f2d25b in wasm::Visitor<wasm::ExpressionManipulator::flexibleCopy(wasm::Expression*, wasm::Module&, std::function<wasm::Expression* (wasm::Expression*)>)::Copier, wasm::Expression*>::visit(wasm::Expression*) (this=0x7fffffffac50, curr=0x7ffff0000b10) at binaryen/src/wasm-traversal.h:112
#4  0x0000000000f2cfb0 in wasm::ExpressionManipulator::flexibleCopy(wasm::Expression*, wasm::Module&, std::function<wasm::Expression* (wasm::Expression*)>)::Copier::copy(wasm::Expression*) (this=0x7fffffffac50, curr=0x7ffff0000b10) at binaryen/src/ir/ExpressionManipulator.cpp:44
#5  0x0000000000f2d63f in wasm::ExpressionManipulator::flexibleCopy(wasm::Expression*, wasm::Module&, std::function<wasm::Expression* (wasm::Expression*)>)::Copier::visitBlock(wasm::Block*) (this=0x7fffffffac50, curr=0x7ffff0000b48) at binaryen/src/ir/ExpressionManipulator.cpp:50
#6  0x0000000000f2d17b in wasm::Visitor<wasm::ExpressionManipulator::flexibleCopy(wasm::Expression*, wasm::Module&, std::function<wasm::Expression* (wasm::Expression*)>)::Copier, wasm::Expression*>::visit(wasm::Expression*) (this=0x7fffffffac50, curr=0x7ffff0000b48) at binaryen/src/wasm-traversal.h:96
#7  0x0000000000f2cfb0 in wasm::ExpressionManipulator::flexibleCopy(wasm::Expression*, wasm::Module&, std::function<wasm::Expression* (wasm::Expression*)>)::Copier::copy(wasm::Expression*) (this=0x7fffffffac50, curr=0x7ffff0000b48) at binaryen/src/ir/ExpressionManipulator.cpp:44
#8  0x0000000000f2ce73 in wasm::ExpressionManipulator::flexibleCopy(wasm::Expression*, wasm::Module&, std::function<wasm::Expression* (wasm::Expression*)>) (original=0x7ffff0000b48, 
    wasm=..., custom=...) at binaryen/src/ir/ExpressionManipulator.cpp:229
#9  0x0000000000c34fbd in wasm::ExpressionManipulator::copy (original=0x7ffff0000b48, wasm=...) at binaryen/src/ir/manipulation.h:62
#10 0x0000000000c34cc1 in wasm::ModuleUtils::copyFunction (func=0x14673e0, out=...) at binaryen/src/ir/module-utils.h:99
#11 0x0000000000c3475d in wasm::I64ToI32Lowering::doWalkFunction (this=0x1469ca0, func=0x14673e0)
    at binaryen/src/passes/I64ToI32Lowering.cpp:176
#12 0x0000000000c21ae3 in wasm::Walker<wasm::I64ToI32Lowering, wasm::Visitor<wasm::I64ToI32Lowering, void> >::walkFunction (this=0x1469cc8, func=0x14673e0)
    at binaryen/src/wasm-traversal.h:504
#13 0x0000000000c210ac in wasm::Walker<wasm::I64ToI32Lowering, wasm::Visitor<wasm::I64ToI32Lowering, void> >::doWalkModule (this=0x1469cc8, module=0x7fffffffd460)
    at binaryen/src/wasm-traversal.h:569
#14 0x0000000000c20bfe in wasm::I64ToI32Lowering::doWalkModule (this=0x1469ca0, module=0x7fffffffd460)
    at binaryen/src/passes/I64ToI32Lowering.cpp:147
#15 0x0000000000c206a3 in wasm::Walker<wasm::I64ToI32Lowering, wasm::Visitor<wasm::I64ToI32Lowering, void> >::walkModule (this=0x1469cc8, module=0x7fffffffd460)
    at binaryen/src/wasm-traversal.h:543
#16 0x0000000000c1c75f in wasm::WalkerPass<wasm::PostWalker<wasm::I64ToI32Lowering, wasm::Visitor<wasm::I64ToI32Lowering, void> > >::run (this=0x1469ca0, runner=0x7fffffffc4a8, 
    module=0x7fffffffd460) at binaryen/src/pass.h:331
#17 0x0000000000b062a8 in wasm::PassRunner::runPass (this=0x7fffffffc4a8, pass=0x1469ca0) at binaryen/src/passes/pass.cpp:685
#18 0x0000000000b05cc0 in wasm::PassRunner::run (this=0x7fffffffc4a8) at binaryen/src/passes/pass.cpp:563
#19 0x0000000000a722bf in wasm::Wasm2JSBuilder::processWasm (this=0x7fffffffc728, wasm=0x7fffffffd460, funcName=...)
    at binaryen/src/wasm2js.h:332
#20 0x0000000000a7ac9f in (anonymous namespace)::emitWasm (wasm=..., output=..., flags=..., options=..., name=...)
    at binaryen/src/tools/wasm2js.cpp:502
#21 0x0000000000a79bc2 in main (argc=0x2, argv=0x7fffffffdcc8) at binaryen/src/tools/wasm2js.cpp:925
#22 0x00007ffff6f63830 in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#23 0x0000000000a71219 in _start ()
