Fix several issues found by fuzzing

[Mem2019]

Fixes #1922
Fixes #1924
Fixes #1929

[sbc100]

Could you update the title so be a little more specific. Perhaps "Fix several issues found by fuzzing", and the you can do "Fixes #xxx, #yyy" in the description so have github automatically close those issue.

[keithw]

@Mem2019 Thank you for fixing these! Do you have cycles to make the changes requested in the review and get this merged? Would be great to have this in...

[keithw]

@sbc100 In an effort to get these issues closed, I made the requested changes and confirmed that the four regression tests fail before the patch is applied (and pass afterwards). Will plan to merge early next week unless you want to take another look.

[sbc100]

I wonder if these checks should be in the validator instead?

[sbc100]

Actually it looks like we already have this code above, can we call this instead?

CHECK_RESULT(
     validator_.OnCall(GetLocation(), Var(func_index, GetLocation())));		    

(edit: actually I guess not because that is validating func_index and not sig_index)

[keithw]

Ah, good point. I changed them to use validator_.OnReturnCall and validator_.OnReturnCallIndirect which looks like what it should have been doing all along.

[sbc100]

I wonder if that fact that we were missing those validation checks means there are some tests that are missing from the spec tests? i.e. why didn't the spec tests find these? I'm they are missing from the spec tests we should followup by filing bugs upstream and eventually remove these downstream tests.

[keithw]

I wonder if that fact that we were missing those validation checks means there are some tests that are missing from the spec tests? i.e. why didn't the spec tests find these?

I looked into this. In this case, the tail-call proposal tests would have caught these binary-reader-interp bugs (causing a segfault or asan failure). But we're not running the tail-call proposal tests because (I guess?) the interpreter doesn't support tail calls yet. :-(