[wasm] Fix decoding of shared global index space

src/wasm/module-decoder.cc

 // Copyright 2015 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/wasm/module-decoder.h"
 
 #include "src/base/functional.h"
 #include "src/base/platform/platform.h"
 #include "src/flags.h"
 #include "src/macro-assembler.h"
@@ skipping 379 matching lines @@
         consume_resizable_limits("memory", "pages", WasmModule::kMaxLegalPages,
                                  &module->min_mem_pages,
                                  &module->max_mem_pages);
       }
       section_iter.advance();
     }
 
     // ===== Global section ==================================================
     if (section_iter.section_code() == kGlobalSectionCode) {
       uint32_t globals_count = consume_u32v("globals count");
-      module->globals.reserve(SafeReserve(globals_count));
+      uint32_t imported_globals = static_cast<uint32_t>(module->globals.size());
+      if (!IsWithinLimit(std::numeric_limits<int32_t>::max(), globals_count,
+                         imported_globals)) {
+        error(pos, pos, "too many imported+defined globals: %u + %u",
+              imported_globals, globals_count);
+      }
+      module->globals.reserve(SafeReserve(imported_globals + globals_count));
       for (uint32_t i = 0; ok() && i < globals_count; ++i) {
         TRACE("DecodeGlobal[%d] module+%d\n", i,
               static_cast<int>(pc_ - start_));
         // Add an uninitialized global and pass a pointer to it.
         module->globals.push_back(
             {kAstStmt, false, WasmInitExpr(), 0, false, false});
         WasmGlobal* global = &module->globals.back();
-        DecodeGlobalInModule(module, i, global);
+        DecodeGlobalInModule(module, i + imported_globals, global);
       }
       section_iter.advance();
     }
 
     // ===== Export section ==================================================
     if (section_iter.section_code() == kExportSectionCode) {
       uint32_t export_table_count = consume_u32v("export table count");
       module->export_table.reserve(SafeReserve(export_table_count));
       for (uint32_t i = 0; ok() && i < export_table_count; ++i) {
         TRACE("DecodeExportTable[%d] module+%d\n", i,
@@ skipping 243 matching lines @@
   void DecodeGlobalInModule(WasmModule* module, uint32_t index,
                             WasmGlobal* global) {
     global->type = consume_value_type();
     global->mutability = consume_u8("mutability") != 0;
     const byte* pos = pc();
     global->init = consume_init_expr(module, kAstStmt);
     switch (global->init.kind) {
       case WasmInitExpr::kGlobalIndex: {
         uint32_t other_index = global->init.val.global_index;
         if (other_index >= index) {
-          error("invalid global index in init expression");
+          error(pos, pos,
+                "invalid global index in init expression, "
+                "index %u, other_index %u",
+                index, other_index);
         } else if (module->globals[other_index].type != global->type) {
           error(pos, pos,
                 "type mismatch in global initialization "
                 "(from global #%u), expected %s, got %s",
                 other_index, WasmOpcodes::TypeName(global->type),
                 WasmOpcodes::TypeName(module->globals[other_index].type));
         }
         break;
       }
       default:
@@ skipping 455 matching lines @@
     decoder.consume_bytes(size);
   }
   if (decoder.more()) decoder.error("unexpected additional bytes");
 
   return decoder.toResult(std::move(table));
 }
 
 }  // namespace wasm
 }  // namespace internal
 }  // namespace v8