Home Verkennen Help
Inloggen
bytecodealliance
/
wasm-micro-runtime
spiegel van https://github-proxy.rt-thread.io/bytecodealliance/wasm-micro-runtime.git
2
0
Vork 0
Bestanden Issues 0 Wiki
Bladeren bron

fix potential overflow in memory size calculation (#4549)

Signed-off-by: zhenweijin <zhenwei.jin@intel.com>
Zhenwei Jin 6 maanden geleden
bovenliggende
6c3f6fd017
commit
d55852d992
2 gewijzigde bestanden met toevoegingen van 6 en 6 verwijderingen
Gecombineerde weergave Toon Diff Stats
  1. 3 3
      core/iwasm/aot/aot_runtime.c
  2. 3 3
      core/iwasm/interpreter/wasm_runtime.c

+ 3 - 3
core/iwasm/aot/aot_runtime.c
Bestand weergeven 

@@ -1026,14 +1026,14 @@ memory_instantiate(AOTModuleInstance *module_inst, AOTModuleInstance *parent,
 
         /* If only one page and at most one page, we just append
 
         /* If only one page and at most one page, we just append
 
            the app heap to the end of linear memory, enlarge the
 
            the app heap to the end of linear memory, enlarge the
 
            num_bytes_per_page, and don't change the page count */
 
            num_bytes_per_page, and don't change the page count */
 
-        heap_offset = num_bytes_per_page;
 
-        num_bytes_per_page += heap_size;
 
-        if (num_bytes_per_page < heap_size) {
 
+        if (heap_size > UINT32_MAX - num_bytes_per_page) {
 
             set_error_buf(error_buf, error_buf_size,
 
             set_error_buf(error_buf, error_buf_size,
 
                           "failed to insert app heap into linear memory, "
 
                           "failed to insert app heap into linear memory, "
 
                           "try using `--heap-size=0` option");
 
                           "try using `--heap-size=0` option");
 
             return NULL;
 
             return NULL;
 
         }
 
         }
 
+        heap_offset = num_bytes_per_page;
 
+        num_bytes_per_page += heap_size;
 
     }
 
     }
 
     else if (heap_size > 0) {
 
     else if (heap_size > 0) {
 
         if (init_page_count == max_page_count && init_page_count == 0) {
 
         if (init_page_count == max_page_count && init_page_count == 0) {

+ 3 - 3
core/iwasm/interpreter/wasm_runtime.c
Bestand weergeven 

@@ -335,14 +335,14 @@ memory_instantiate(WASMModuleInstance *module_inst, WASMModuleInstance *parent,
 
             /* If only one page and at most one page, we just append
 
             /* If only one page and at most one page, we just append
 
                the app heap to the end of linear memory, enlarge the
 
                the app heap to the end of linear memory, enlarge the
 
                num_bytes_per_page, and don't change the page count */
 
                num_bytes_per_page, and don't change the page count */
 
-            heap_offset = num_bytes_per_page;
 
-            num_bytes_per_page += heap_size;
 
-            if (num_bytes_per_page < heap_size) {
 
+            if (heap_size > UINT32_MAX - num_bytes_per_page) {
 
                 set_error_buf(error_buf, error_buf_size,
 
                 set_error_buf(error_buf, error_buf_size,
 
                               "failed to insert app heap into linear memory, "
 
                               "failed to insert app heap into linear memory, "
 
                               "try using `--heap-size=0` option");
 
                               "try using `--heap-size=0` option");
 
                 return NULL;
 
                 return NULL;
 
             }
 
             }
 
+            heap_offset = num_bytes_per_page;
 
+            num_bytes_per_page += heap_size;
 
         }
 
         }
 
         else if (heap_size > 0) {
 
         else if (heap_size > 0) {
 
             if (init_page_count == max_page_count && init_page_count == 0) {
 
             if (init_page_count == max_page_count && init_page_count == 0) {