Validate that names are valid UTF-8 (WebAssembly#6682)

Add an `isUTF8` utility and use it in both the text and binary parsers.
Add missing checks for overlong encodings and overlarge code points in
our WTF8 reader, which the new utility uses. Re-enable the spec tests
that test UTF-8 validation.

scripts/test/shared.py

@@ -400,10 +400,6 @@ def get_tests(test_dir, extensions=[], recursive=False):
 # expected-output/ if any.
 SPEC_TESTS_TO_SKIP = [
     # Malformed module accepted
-    'utf8-custom-section-id.wast',
-    'utf8-import-field.wast',
-    'utf8-import-module.wast',
-    'utf8-invalid-encoding.wast',
     'const.wast',
     'address.wast',
 

src/parser/lexer.h

@@ -25,6 +25,7 @@
 
 #include "support/name.h"
 #include "support/result.h"
+#include "support/string.h"
 
 #ifndef parser_lexer_h
 #define parser_lexer_h
@@ -124,11 +125,11 @@ struct Lexer {
   std::optional<std::string> takeString();
 
   std::optional<Name> takeName() {
-    // TODO: Validate UTF.
-    if (auto str = takeString()) {
-      return Name(*str);
+    auto str = takeString();
+    if (!str || !String::isUTF8(*str)) {
+      return std::nullopt;
     }
-    return std::nullopt;
+    return Name(*str);
   }
 
   bool takeSExprStart(std::string_view expected) {

src/support/string.cpp

@@ -195,9 +195,21 @@ std::optional<uint32_t> takeWTF8CodePoint(std::string_view& str) {
   }
 
   str = str.substr(1 + trailingBytes);
+
   if (!valid) {
     return std::nullopt;
   }
+
+  size_t expectedTrailing = u < 0x80       ? 0
+                            : u < 0x800    ? 1
+                            : u < 0x10000  ? 2
+                            : u < 0x110000 ? 3
+                                           : -1;
+  if (trailingBytes != expectedTrailing) {
+    // Overlong encoding or overlarge code point.
+    return std::nullopt;
+  }
+
   return u;
 }
 
@@ -404,4 +416,14 @@ std::ostream& printEscapedJSON(std::ostream& os, std::string_view str) {
   return os << '"';
 }
 
+bool isUTF8(std::string_view str) {
+  while (str.size()) {
+    auto u = takeWTF8CodePoint(str);
+    if (!u || (0xD800 <= *u && *u < 0xE000)) {
+      return false;
+    }
+  }
+  return true;
+}
+
 } // namespace wasm::String

src/support/string.h

@@ -99,6 +99,9 @@ bool convertWTF16ToWTF8(std::ostream& os, std::string_view str);
 // unit. Returns `true` if the input was valid UTF-16.
 bool convertUTF16ToUTF8(std::ostream& os, std::string_view str);
 
+// Whether the string is valid UTF-8.
+bool isUTF8(std::string_view str);
+
 } // namespace wasm::String
 
 #endif // wasm_support_string_h

src/wasm-binary.h

@@ -1505,7 +1505,7 @@ class WasmBinaryReader {
   HeapType getIndexedHeapType();
 
   Type getConcreteType();
-  Name getInlineString();
+  Name getInlineString(bool requireValid = true);
   void verifyInt8(int8_t x);
   void verifyInt16(int16_t x);
   void verifyInt32(int32_t x);

src/wasm/wasm-binary.cpp

@@ -2201,11 +2201,13 @@ Type WasmBinaryReader::getConcreteType() {
   return type;
 }
 
-Name WasmBinaryReader::getInlineString() {
+Name WasmBinaryReader::getInlineString(bool requireValid) {
   BYN_TRACE("<==\n");
   auto len = getU32LEB();
   auto data = getByteView(len);
-
+  if (requireValid && !String::isUTF8(data)) {
+    throwError("invalid UTF-8 string");
+  }
   BYN_TRACE("getInlineString: " << data << " ==>\n");
   return Name(data);
 }
@@ -3027,7 +3029,7 @@ void WasmBinaryReader::readStrings() {
   }
   size_t num = getU32LEB();
   for (size_t i = 0; i < num; i++) {
-    auto string = getInlineString();
+    auto string = getInlineString(false);
     // Re-encode from WTF-8 to WTF-16.
     std::stringstream wtf16;
     if (!String::convertWTF8ToWTF16(wtf16, string.str)) {