Description
We encountered a SIGABRT (Assertion Failure) in wasm-decompile. The crash occurs within wabt::Decompiler::DecompileExpr when attempting to process a malformed WebAssembly binary.
The assertion false fails at decompiler.cc:414. This typically indicates that the decompiler encountered an AST node type that is not handled in the DecompileExpr switch statement, causing execution to fall through to a default "unreachable" case.
Environment
- OS: Linux x86_64
- Compiler: Clang
- Tools: gdb
Vulnerability Details
- Target: wasm-decompile
- Crash Type: Assertion Failure (SIGABRT)
- Location: src/decompiler.cc:414
- Function: std::string wabt::Decompiler::DecompileExpr(const Node&, const Node*)
- Assertion: Assertion false failed
- Root Cause Analysis: The stack trace shows recursive calls to DecompileExpr, ending in the assertion failure. Line 414 in decompiler.cc likely resides in the default case of a switch statement handling ExprType or NodeType. The decompiler successfully parsed the binary into an internal AST, but when converting a specific expression back to text code, it encountered a node variant it doesn't know how to handle, triggering the failsafe assertion.
Reproduce
gdb --args ./wasm-decompile ./repro
r
bt
Download Link: repro
Stack Trace (GDB)
wasm-decompile: /src/wabt/src/decompiler.cc:414: Value wabt::Decompiler::DecompileExpr(const Node &, const Node *): Assertion `false' failed.
Program received signal SIGABRT, Aborted.
0x00007f4b087c3b2c in pthread_kill () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0 0x00007f4b087c3b2c in pthread_kill () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007f4b0876a27e in raise () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007f4b0874d8ff in abort () from /lib/x86_64-linux-gnu/libc.so.6
#3 0x00007f4b0874d81b in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#4 0x00007f4b08760517 in __assert_fail () from /lib/x86_64-linux-gnu/libc.so.6
#5 0x00005623b4da7665 in wabt::Decompiler::DecompileExpr (this=<optimized out>, n=...,
parent=<optimized out>) at /src/wabt/src/decompiler.cc:414
#6 0x00005623b4d9fc5e in wabt::Decompiler::DecompileExpr (this=<optimized out>, n=...,
parent=<optimized out>) at /src/wabt/src/decompiler.cc:357
#7 0x00005623b4d9fc5e in wabt::Decompiler::DecompileExpr (this=<optimized out>, n=...,
parent=<optimized out>) at /src/wabt/src/decompiler.cc:357
#8 0x00005623b4d9fc5e in wabt::Decompiler::DecompileExpr (this=<optimized out>, n=...,
parent=<optimized out>) at /src/wabt/src/decompiler.cc:357
#9 0x00005623b4d9fc5e in wabt::Decompiler::DecompileExpr (this=<optimized out>, n=...,
parent=<optimized out>) at /src/wabt/src/decompiler.cc:357
#10 0x00005623b4d9fc5e in wabt::Decompiler::DecompileExpr (this=<optimized out>, n=...,
parent=<optimized out>) at /src/wabt/src/decompiler.cc:357
#11 0x00005623b4d9fc5e in wabt::Decompiler::DecompileExpr (this=<optimized out>, n=...,
parent=<optimized out>) at /src/wabt/src/decompiler.cc:357
#12 0x00005623b4d9fc5e in wabt::Decompiler::DecompileExpr (this=<optimized out>, n=...,
parent=<optimized out>) at /src/wabt/src/decompiler.cc:357
#13 0x00005623b4d94ad6 in wabt::Decompiler::Decompile[abi:cxx11]() (this=<optimized out>)
at /src/wabt/src/decompiler.cc:832
#14 0x00005623b4d8f1f5 in wabt::Decompile[abi:cxx11](wabt::Module const&, wabt::DecompileOptions const&) (
module=..., options=...) at /src/wabt/src/decompiler.cc:861
#15 0x00005623b4cde47e in ProgramMain (argc=<optimized out>, argv=<optimized out>)
at /src/wabt/src/tools/wasm-decompile.cc:103
#16 0x00007f4b0874f1ca in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#17 0x00007f4b0874f28b in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#18 0x00005623b4bf9645 in _start ()
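
The failure mode described in the root cause analysis, shown as an added sketch that is not wabt's code and not part of the original report: a recursive emitter whose `default` case asserts, beside a form that returns an error for an unhandled node. `Kind`, `Node`, `EmitAsserting` and `EmitChecked` are hypothetical names, and the sample trees are constructed.

```cpp
#include <cassert>
#include <string>
#include <vector>

// Hypothetical node kinds; these are not wabt's NodeType/ExprType values.
enum class Kind { Const, Add, Unsupported };
struct Node {
  Kind kind = Kind::Const;
  std::string text;            // literal text for Const nodes
  std::vector<Node> children;  // operands
};
Node Leaf(Kind k, const std::string& t) { Node n; n.kind = k; n.text = t; return n; }
Node Add(const Node& a, const Node& b) { Node n; n.kind = Kind::Add; n.children = {a, b}; return n; }

// Pattern the report describes: the default case is an assertion, so an
// unhandled node that input can reach aborts the process (SIGABRT).
// With NDEBUG the assert vanishes and an empty string is emitted silently.
std::string EmitAsserting(const Node& n) {
  switch (n.kind) {
    case Kind::Const: return n.text;
    case Kind::Add:
      return "(" + EmitAsserting(n.children.at(0)) + " + " +
             EmitAsserting(n.children.at(1)) + ")";
    default:
      assert(false);  // "unreachable", yet reachable from a crafted module
      return {};
  }
}

// Hardened form: an unhandled kind is an error that propagates up the
// recursion, so the caller can print a diagnostic and exit non-zero.
bool EmitChecked(const Node& n, std::string* out) {
  switch (n.kind) {
    case Kind::Const: *out = n.text; return true;
    case Kind::Add: {
      std::string lhs, rhs;
      if (n.children.size() != 2 || !EmitChecked(n.children[0], &lhs) ||
          !EmitChecked(n.children[1], &rhs)) return false;
      *out = "(" + lhs + " + " + rhs + ")";
      return true;
    }
    default: return false;  // report the unsupported node instead of aborting
  }
}

// Constructed samples: a supported tree and one with a nested unknown node.
Node GoodTree() { return Add(Leaf(Kind::Const, "1"), Leaf(Kind::Const, "2")); }
Node BadTree() { return Add(Leaf(Kind::Const, "1"), Add(Leaf(Kind::Unsupported, ""), Leaf(Kind::Const, "3"))); }
```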