CloudEdge/wasm-micro-runtime
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Refine is_xip_file and pointer range check (#965)

Browse Source 
Refine is_xip_file check, when e_type isn't E_TYPE_XIP, just return false
and no need to go through all the other sections of the AOT file.

Refine pointer range check, convert pointer to uintptr_t type before
comparison to yield possible sanitizer pointer overflow error.
This commit is contained in:
Wenyong Huang 2022-01-18 11:05:58 +08:00 committed by GitHub
parent 552f85075d
commit 8088783775
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 20 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
core/iwasm/aot/aot_loader.c
View File

@ -90,7 +90,8 @@ static bool
check_buf(const uint8 *buf, const uint8 *buf_end, uint32 length,
char *error_buf, uint32 error_buf_size)
{
if (buf + length < buf || buf + length > buf_end) {
if ((uintptr_t)buf + length < (uintptr_t)buf
|| (uintptr_t)buf + length > (uintptr_t)buf_end) {
set_error_buf(error_buf, error_buf_size, "unexpect end");
return false;
}

13
core/iwasm/common/wasm_runtime_common.c
View File

@ -305,10 +305,11 @@ align_ptr(const uint8 *p, uint32 b)
return (uint8 *)((v + m) & ~m);
}
#define CHECK_BUF(buf, buf_end, length) \
do { \
if (buf + length < buf || buf + length > buf_end) \
return false; \
#define CHECK_BUF(buf, buf_end, length) \
do { \
if ((uintptr_t)buf + length < (uintptr_t)buf \
|| (uintptr_t)buf + length > (uintptr_t)buf_end) \
return false; \
} while (0)
#define read_uint16(p, p_end, res) \
@ -347,9 +348,7 @@ wasm_runtime_is_xip_file(const uint8 *buf, uint32 size)
if (section_type == AOT_SECTION_TYPE_TARGET_INFO) {
p += 4;
read_uint16(p, p_end, e_type);
if (e_type == E_TYPE_XIP) {
return true;
}
return (e_type == E_TYPE_XIP) ? true : false;
}
else if (section_type >= AOT_SECTION_TYPE_SIGANATURE) {
return false;

6
core/iwasm/interpreter/wasm_loader.c
View File

@ -47,7 +47,8 @@ static bool
check_buf(const uint8 *buf, const uint8 *buf_end, uint32 length,
char *error_buf, uint32 error_buf_size)
{
if (buf + length < buf || buf + length > buf_end) {
if ((uintptr_t)buf + length < (uintptr_t)buf
|| (uintptr_t)buf + length > (uintptr_t)buf_end) {
set_error_buf(error_buf, error_buf_size,
"unexpected end of section or function");
return false;
@ -59,7 +60,8 @@ static bool
check_buf1(const uint8 *buf, const uint8 *buf_end, uint32 length,
char *error_buf, uint32 error_buf_size)
{
if (buf + length < buf || buf + length > buf_end) {
if ((uintptr_t)buf + length < (uintptr_t)buf
|| (uintptr_t)buf + length > (uintptr_t)buf_end) {
set_error_buf(error_buf, error_buf_size, "unexpected end");
return false;
}

15
product-mini/platforms/linux-sgx/enclave-sample/Enclave/Enclave.cpp
View File

@ -131,10 +131,11 @@ align_ptr(const uint8 *p, uint32 b)
#define AOT_SECTION_TYPE_SIGANATURE 6
#define E_TYPE_XIP 4
#define CHECK_BUF(buf, buf_end, length) \
do { \
if (buf + length < buf || buf + length > buf_end) \
return false; \
#define CHECK_BUF(buf, buf_end, length) \
do { \
if ((uintptr_t)buf + length < (uintptr_t)buf \
|| (uintptr_t)buf + length > (uintptr_t)buf_end) \
return false; \
} while (0)
#define read_uint16(p, p_end, res) \
@ -162,6 +163,7 @@ is_xip_file(const uint8 *buf, uint32 size)
if (get_package_type(buf, size) != Wasm_Module_AoT)
return false;
CHECK_BUF(p, p_end, 8);
p += 8;
while (p < p_end) {
@ -172,15 +174,14 @@ is_xip_file(const uint8 *buf, uint32 size)
if (section_type == AOT_SECTION_TYPE_TARGET_INFO) {
p += 4;
read_uint16(p, p_end, e_type);
if (e_type == E_TYPE_XIP) {
return true;
}
return (e_type == E_TYPE_XIP) ? true : false;
}
else if (section_type >= AOT_SECTION_TYPE_SIGANATURE) {
return false;
}
p += section_size;
}
return false;
}