From 901d707617c2cb74548399b4a05484de770eb3ce Mon Sep 17 00:00:00 2001 From: Aizal Khan Date: Thu, 25 Jun 2026 23:29:37 +0530 Subject: [PATCH] [interp] Stop on first error in the binary reader fuzzer The interp binary reader is only meant to read valid modules. In collect-all-errors mode (stop_on_first_error=false) the SharedValidator keeps counting declarations the reader has already rejected, so the reader's func_types_/module_.funcs vectors and the validator's counts drift apart and later callbacks index past the end. read_binary_interp_fuzzer.cc was the only caller running the interp reader in that mode. Stop on the first error like every other interp reader caller, so the reader is no longer driven over invalid modules. --- fuzzers/read_binary_interp_fuzzer.cc | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/fuzzers/read_binary_interp_fuzzer.cc b/fuzzers/read_binary_interp_fuzzer.cc index ebb95440ac..c8144afd82 100644 --- a/fuzzers/read_binary_interp_fuzzer.cc +++ b/fuzzers/read_binary_interp_fuzzer.cc @@ -33,8 +33,12 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { if (data_provider.ConsumeBool()) { features.enable_##variable(); } #include "wabt/feature.def" #undef WABT_FEATURE - // Add only feature related options, but no logging, stop_on_first_error, etc. - wabt::ReadBinaryOptions options(features, nullptr, false, false, false); + // Add only feature related options, but no logging etc. The interp reader is + // only meant to read valid modules, so stop on the first error instead of + // continuing in collect-all-errors mode (the validator keeps counting + // declarations the reader has already rejected, leaving its vectors and the + // validator's counts out of step). + wabt::ReadBinaryOptions options(features, nullptr, false, true, false); std::vector text = data_provider.ConsumeRemainingBytes(); ReadBinaryInterp("", text.data(), text.size(), options, &errors, &module);
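Review bot: the change at the `wabt::ReadBinaryOptions options(features, nullptr, false, true, false);` line only moves the fuzzer off the failing path, so the out-of-range indexing described in the commit message stays reachable for any caller that passes stop_on_first_error=false to ReadBinaryInterp. If the interp reader is only meant to run in stop-on-first-error mode, enforce that inside the reader itself (reject or override the option on entry, or bounds-check the func_types_/module_.funcs lookups) so the guarantee does not depend on every call site, including out-of-tree embedders, getting the flag right. The three positional bools also make it hard to see which one was flipped; an inline argument-name comment such as `/*stop_on_first_error=*/true` would be easier to audit than the five-line comment above the call. Finally, the commit message should say that the fuzzer no longer covers the reader's behaviour after the first error, so that the loss of coverage is a recorded decision.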