Fix Wasm translator to handle loop parameters on br_table default target.

Similar to an earlier issue for ordinary branches (fixed in PR #1833), the cranelift-wasm crate did not previously correctly translate a br_table instruction's default-target branch when the branch target was a loop with loop parameters. The mistranslated CLIF resulted in a validation error. This one-line fix simply fills in the correct parameter count, generating a jump instruction with the appropriate parameters from the stack. This issue was found by :decoder in the SpiderMonkey embedding of Cranelift, in https://bugzilla.mozilla.org/show_bug.cgi?id=1657062. The test case is from that bug report.
2020-08-04 16:44:22 -07:00
parent 3d2e0e55f2
commit 6ad0b04f05
2 changed files with 641 additions and 1 deletions
--- a/cranelift/wasm/src/code_translator.rs
+++ b/cranelift/wasm/src/code_translator.rs
@@ -395,7 +395,7 @@ pub fn translate_operator<FE: FuncEnvironment + ?Sized>(
                let i = state.control_stack.len() - 1 - (min_depth as usize);
                let min_depth_frame = &state.control_stack[i];
                if min_depth_frame.is_loop() {
-                    0
+                    min_depth_frame.num_param_values()
                } else {
                    min_depth_frame.num_return_values()
                }