Home Explore Help
Sign In
bytecodealliance
/
wasm-micro-runtime
mirror of https://github-proxy.rt-thread.io/bytecodealliance/wasm-micro-runtime.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Check possible integer overflow in aot memory boundary check (#3920)

Check possible integer overflow in aot memory boundary check when
the wasm memory is 64-bit.
TianlongLiang 1 year ago
parent
f1d03db8e5
commit
62aca17279
1 changed files with 33 additions and 5 deletions
Split View Show Diff Stats
  1. 33 5
      core/iwasm/compilation/aot_emit_memory.c

+ 33 - 5
core/iwasm/compilation/aot_emit_memory.c
View File 

@@ -273,10 +273,24 @@ aot_check_memory_overflow(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx,
 
     }
 
 
     /* offset1 = offset + addr; */
 
-    /* TODO: check whether integer overflow occurs when memory is 64-bit
 
-             and boundary check is enabled */
 
     BUILD_OP(Add, offset_const, addr, offset1, "offset1");
 
 
+    if (is_memory64 && comp_ctx->enable_bound_check) {
 
+        /* Check whether integer overflow occurs in offset + addr */
 
+        LLVMBasicBlockRef check_integer_overflow_end;
 
+        ADD_BASIC_BLOCK(check_integer_overflow_end,
 
+                        "check_integer_overflow_end");
 
+        LLVMMoveBasicBlockAfter(check_integer_overflow_end, block_curr);
 
+
 
+        BUILD_ICMP(LLVMIntULT, offset1, offset_const, cmp1, "cmp1");
 
+        if (!aot_emit_exception(comp_ctx, func_ctx,
 
+                                EXCE_OUT_OF_BOUNDS_MEMORY_ACCESS, true, cmp1,
 
+                                check_integer_overflow_end)) {
 
+            goto fail;
 
+        }
 
+        SET_BUILD_POS(check_integer_overflow_end);
 
+    }
 
+
 
     if (comp_ctx->enable_shared_heap /* TODO: && mem_idx == 0 */) {
 
         LLVMBasicBlockRef app_addr_in_shared_heap, app_addr_in_linear_mem;
 
         LLVMValueRef is_in_shared_heap, shared_heap_check_bound = NULL;
 
@@ -303,7 +317,7 @@ aot_check_memory_overflow(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx,
 
         LLVMPositionBuilderAtEnd(comp_ctx->builder, block_curr);
 
 
         if (!is_target_64bit) {
 
-            /* Check whether interger overflow occurs in addr + offset */
 
+            /* Check whether integer overflow occurs in addr + offset */
 
             LLVMBasicBlockRef check_integer_overflow_end;
 
             ADD_BASIC_BLOCK(check_integer_overflow_end,
 
                             "check_integer_overflow_end");
 
@@ -1215,10 +1229,24 @@ check_bulk_memory_overflow(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx,
 
         goto fail;
 
     }
 
 
-    /* TODO: check whether integer overflow occurs when memory is 64-bit
 
-             and boundary check is enabled */
 
     BUILD_OP(Add, offset, bytes, max_addr, "max_addr");
 
 
+    if (is_memory64 && comp_ctx->enable_bound_check) {
 
+        /* Check whether integer overflow occurs in offset + addr */
 
+        LLVMBasicBlockRef check_integer_overflow_end;
 
+        ADD_BASIC_BLOCK(check_integer_overflow_end,
 
+                        "check_integer_overflow_end");
 
+        LLVMMoveBasicBlockAfter(check_integer_overflow_end, block_curr);
 
+
 
+        BUILD_ICMP(LLVMIntULT, max_addr, offset, cmp, "cmp");
 
+        if (!aot_emit_exception(comp_ctx, func_ctx,
 
+                                EXCE_OUT_OF_BOUNDS_MEMORY_ACCESS, true, cmp,
 
+                                check_integer_overflow_end)) {
 
+            goto fail;
 
+        }
 
+        SET_BUILD_POS(check_integer_overflow_end);
 
+    }
 
+
 
     if (comp_ctx->enable_shared_heap /* TODO: && mem_idx == 0 */) {
 
         LLVMBasicBlockRef app_addr_in_shared_heap, app_addr_in_linear_mem;
 
         LLVMValueRef shared_heap_start_off, shared_heap_check_bound;