CloudEdge/wasm-micro-runtime
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add fast interpreter offset overflow check (#1076)

Browse Source 
* check fast interpreter offset overflow
This commit is contained in:
Xu Jun 2022-04-07 21:07:32 +08:00 committed by GitHub
parent ea63ba4bd0
commit fd9cce0eef
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
core/iwasm/interpreter/wasm_loader.c
View File

@ -5317,8 +5317,12 @@ wasm_loader_push_frame_offset(WASMLoaderContext *ctx, uint8 type,
emit_operand(ctx, ctx->dynamic_offset); emit_operand(ctx, ctx->dynamic_offset);
*(ctx->frame_offset)++ = ctx->dynamic_offset; *(ctx->frame_offset)++ = ctx->dynamic_offset;
ctx->dynamic_offset++; ctx->dynamic_offset++;
if (ctx->dynamic_offset > ctx->max_dynamic_offset) if (ctx->dynamic_offset > ctx->max_dynamic_offset) {
ctx->max_dynamic_offset = ctx->dynamic_offset; ctx->max_dynamic_offset = ctx->dynamic_offset;
if (ctx->max_dynamic_offset >= INT16_MAX) {
goto fail;
}
}
} }
if (is_32bit_type(type)) if (is_32bit_type(type))
@ -5332,10 +5336,19 @@ wasm_loader_push_frame_offset(WASMLoaderContext *ctx, uint8 type,
ctx->frame_offset++; ctx->frame_offset++;
if (!disable_emit) { if (!disable_emit) {
ctx->dynamic_offset++; ctx->dynamic_offset++;
if (ctx->dynamic_offset > ctx->max_dynamic_offset) if (ctx->dynamic_offset > ctx->max_dynamic_offset) {
ctx->max_dynamic_offset = ctx->dynamic_offset; ctx->max_dynamic_offset = ctx->dynamic_offset;
if (ctx->max_dynamic_offset >= INT16_MAX) {
goto fail;
}
}
} }
return true; return true;
fail:
set_error_buf(error_buf, error_buf_size,
"fast interpreter offset overflow");
return false;
} }
/* This function should be in front of wasm_loader_pop_frame_ref /* This function should be in front of wasm_loader_pop_frame_ref

8
core/iwasm/interpreter/wasm_mini_loader.c
View File

@ -3844,8 +3844,10 @@ wasm_loader_push_frame_offset(WASMLoaderContext *ctx, uint8 type,
emit_operand(ctx, ctx->dynamic_offset); emit_operand(ctx, ctx->dynamic_offset);
*(ctx->frame_offset)++ = ctx->dynamic_offset; *(ctx->frame_offset)++ = ctx->dynamic_offset;
ctx->dynamic_offset++; ctx->dynamic_offset++;
if (ctx->dynamic_offset > ctx->max_dynamic_offset) if (ctx->dynamic_offset > ctx->max_dynamic_offset) {
ctx->max_dynamic_offset = ctx->dynamic_offset; ctx->max_dynamic_offset = ctx->dynamic_offset;
bh_assert(ctx->max_dynamic_offset < INT16_MAX);
}
} }
if (is_32bit_type(type)) if (is_32bit_type(type))
@ -3859,8 +3861,10 @@ wasm_loader_push_frame_offset(WASMLoaderContext *ctx, uint8 type,
ctx->frame_offset++; ctx->frame_offset++;
if (!disable_emit) { if (!disable_emit) {
ctx->dynamic_offset++; ctx->dynamic_offset++;
if (ctx->dynamic_offset > ctx->max_dynamic_offset) if (ctx->dynamic_offset > ctx->max_dynamic_offset) {
ctx->max_dynamic_offset = ctx->dynamic_offset; ctx->max_dynamic_offset = ctx->dynamic_offset;
bh_assert(ctx->max_dynamic_offset < INT16_MAX);
}
} }
return true; return true;
} }