Fix 2 binary fuzz bugs (#1323)

 * Check if there is a currFunction before using it (we need it for some stacky code; a valid wasm wouldn't need a function in that location anyhow, as what can be put in a memory/table offset is very limited).
 * Huge alignment led us to do a power of 2 shift that is undefined behavior.

Also adds a test facility to check we don't crash on testcases.

Author: kripken

check.py

@@ -194,6 +194,17 @@ def run_wasm_merge_tests():
           with open(out + '.stdout') as f:
             fail_if_not_identical(f.read(), stdout)
 
+def run_crash_tests():
+  print "\n[ checking we don't crash on tricky inputs... ]\n"
+
+  for t in os.listdir(os.path.join('test', 'crash')):
+    if t.endswith(('.wast', '.wasm')):
+      print '..', t
+      t = os.path.join('test', 'crash', t)
+      cmd = WASM_OPT + [t]
+      # expect a parse error to be reported
+      run_command(cmd, expected_err='parse exception:', err_contains=True, expected_status=1)
+
 def run_ctor_eval_tests():
   print '\n[ checking wasm-ctor-eval... ]\n'
 
@@ -576,6 +587,7 @@ def main():
   asm2wasm.test_asm2wasm_binary()
   run_wasm_dis_tests()
   run_wasm_merge_tests()
+  run_crash_tests()
   run_ctor_eval_tests()
   run_wasm_metadce_tests()
   if has_shell_timeout():

src/wasm/wasm-binary.cpp

@@ -2202,6 +2202,9 @@ void WasmBinaryBuilder::pushBlockElements(Block* curr, size_t start, size_t end)
   expressionStack.resize(start);
   // if we have a consumable item and need it, use it
   if (consumable != NONE && curr->list.back()->type == none) {
+    if (!currFunction) {
+      throw ParseException("need an extra var in a non-function context, invalid wasm");
+    }
     Builder builder(wasm);
     auto* item = curr->list[consumable]->cast<Drop>()->value;
     auto temp = builder.addVar(currFunction, item->type);
@@ -2464,7 +2467,9 @@ void WasmBinaryBuilder::visitSetGlobal(SetGlobal *curr) {
 }
 
 void WasmBinaryBuilder::readMemoryAccess(Address& alignment, size_t bytes, Address& offset) {
-  alignment = Pow2(getU32LEB());
+  auto rawAlignment = getU32LEB();
+  if (rawAlignment > 4) throw ParseException("Alignment must be of a reasonable size");
+  alignment = Pow2(rawAlignment);
   offset = getU32LEB();
 }