[wasm] Canonicalize function signature indices for matching in indirect calls.

src/wasm/module-decoder.cc

 // Copyright 2015 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/wasm/module-decoder.h"
 
 #include "src/base/functional.h"
 #include "src/base/platform/platform.h"
 #include "src/flags.h"
 #include "src/macro-assembler.h"
@@ skipping 283 matching lines @@
                                          false});        // exported
             WasmFunction* function = &module->functions.back();
             function->sig_index = consume_sig_index(module, &function->sig);
             break;
           }
           case kExternalTable: {
             // ===== Imported table ==========================================
             import->index =
                 static_cast<uint32_t>(module->function_tables.size());
             module->function_tables.push_back(
-                {0, 0, std::vector<int32_t>(), true, false});
+                {0, 0, std::vector<int32_t>(), true, false, SignatureMap()});
             expect_u8("element type", 0x20);
             WasmIndirectFunctionTable* table = &module->function_tables.back();
             consume_resizable_limits("element count", "elements", kMaxUInt32,
                                      &table->size, &table->max_size);
             break;
           }
           case kExternalMemory: {
             // ===== Imported memory =========================================
             consume_resizable_limits(
                 "memory", "pages", WasmModule::kMaxLegalPages,
@@ skipping 41 matching lines @@
     }
 
     // ===== Table section ===================================================
     if (section_iter.section_code() == kTableSectionCode) {
       const byte* pos = pc_;
       uint32_t table_count = consume_u32v("table count");
       // Require at most one table for now.
       if (table_count > 1) {
         error(pos, pos, "invalid table count %d, maximum 1", table_count);
       }
+      if (module->function_tables.size() < 1) {
+        module->function_tables.push_back(
+            {0, 0, std::vector<int32_t>(), false, false, SignatureMap()});
+      }
 
       for (uint32_t i = 0; ok() && i < table_count; i++) {
-        module->function_tables.push_back(
-            {0, 0, std::vector<int32_t>(), false, false});
         WasmIndirectFunctionTable* table = &module->function_tables.back();
         expect_u8("table type", kWasmAnyFunctionTypeForm);
         consume_resizable_limits("table elements", "elements", kMaxUInt32,
                                  &table->size, &table->max_size);
       }
       section_iter.advance();
     }
 
     // ===== Memory section ==================================================
     if (section_iter.section_code() == kMemorySectionCode) {
@@ skipping 116 matching lines @@
       if (func && func->sig->parameter_count() > 0) {
         error(pos, "invalid start function: non-zero parameter count");
       }
       section_iter.advance();
     }
 
     // ===== Elements section ================================================
     if (section_iter.section_code() == kElementSectionCode) {
       uint32_t element_count = consume_u32v("element count");
       for (uint32_t i = 0; ok() && i < element_count; ++i) {
+        const byte* pos = pc();
         uint32_t table_index = consume_u32v("table index");
-        if (table_index != 0) error("illegal table index != 0");
+        if (table_index != 0) {
+          error(pos, pos, "illegal table index %u != 0", table_index);
+        }
+        WasmIndirectFunctionTable* table = nullptr;
+        if (table_index >= module->function_tables.size()) {
+          error(pos, pos, "out of bounds table index %u", table_index);
+        } else {
+          table = &module->function_tables[table_index];
+        }
         WasmInitExpr offset = consume_init_expr(module, kAstI32);
         uint32_t num_elem = consume_u32v("number of elements");
         std::vector<uint32_t> vector;
         module->table_inits.push_back({table_index, offset, vector});
         WasmTableInit* init = &module->table_inits.back();
         init->entries.reserve(SafeReserve(num_elem));
         for (uint32_t j = 0; ok() && j < num_elem; j++) {
           WasmFunction* func = nullptr;
-          init->entries.push_back(consume_func_index(module, &func));
+          uint32_t index = consume_func_index(module, &func);
+          init->entries.push_back(index);
+          if (table && index < module->functions.size()) {
+            // Canonicalize signature indices during decoding.
+            // TODO(titzer): suboptimal, redundant when verifying only.
+            table->map.FindOrInsert(module->functions[index].sig);
+          }
         }
       }
 
       section_iter.advance();
     }
 
     // ===== Code section ====================================================
     if (section_iter.section_code() == kCodeSectionCode) {
       const byte* pos = pc_;
       uint32_t functions_count = consume_u32v("functions count");
@@ skipping 594 matching lines @@
     decoder.consume_bytes(size);
   }
   if (decoder.more()) decoder.error("unexpected additional bytes");
 
   return decoder.toResult(std::move(table));
 }
 
 }  // namespace wasm
 }  // namespace internal
 }  // namespace v8