Главная Обзор Помощь
Вход
bytecodealliance
/
wasm-micro-runtime
зеркало из https://github-proxy.rt-thread.io/bytecodealliance/wasm-micro-runtime.git
2
0
Ответвить 0
Файлы Задачи 0 Вики
Просмотр исходного кода

fix potential overflow in memory size calculation (#4549)

Signed-off-by: zhenweijin <zhenwei.jin@intel.com>
Zhenwei Jin 4 месяцев назад
Родитель
6c3f6fd017
Сommit
d55852d992
2 измененных файлов с 6 добавлено и 6 удалено
Разделённый вид Показать статистику Diff
  1. 3 3
      core/iwasm/aot/aot_runtime.c
  2. 3 3
      core/iwasm/interpreter/wasm_runtime.c

+ 3 - 3
core/iwasm/aot/aot_runtime.c
Просмотреть файл 

@@ -1026,14 +1026,14 @@ memory_instantiate(AOTModuleInstance *module_inst, AOTModuleInstance *parent,
 
         /* If only one page and at most one page, we just append
 
            the app heap to the end of linear memory, enlarge the
 
            num_bytes_per_page, and don't change the page count */
 
-        heap_offset = num_bytes_per_page;
 
-        num_bytes_per_page += heap_size;
 
-        if (num_bytes_per_page < heap_size) {
 
+        if (heap_size > UINT32_MAX - num_bytes_per_page) {
 
             set_error_buf(error_buf, error_buf_size,
 
                           "failed to insert app heap into linear memory, "
 
                           "try using `--heap-size=0` option");
 
             return NULL;
 
         }
 
+        heap_offset = num_bytes_per_page;
 
+        num_bytes_per_page += heap_size;
 
     }
 
     else if (heap_size > 0) {
 
         if (init_page_count == max_page_count && init_page_count == 0) {

+ 3 - 3
core/iwasm/interpreter/wasm_runtime.c
Просмотреть файл 

@@ -335,14 +335,14 @@ memory_instantiate(WASMModuleInstance *module_inst, WASMModuleInstance *parent,
 
             /* If only one page and at most one page, we just append
 
                the app heap to the end of linear memory, enlarge the
 
                num_bytes_per_page, and don't change the page count */
 
-            heap_offset = num_bytes_per_page;
 
-            num_bytes_per_page += heap_size;
 
-            if (num_bytes_per_page < heap_size) {
 
+            if (heap_size > UINT32_MAX - num_bytes_per_page) {
 
                 set_error_buf(error_buf, error_buf_size,
 
                               "failed to insert app heap into linear memory, "
 
                               "try using `--heap-size=0` option");
 
                 return NULL;
 
             }
 
+            heap_offset = num_bytes_per_page;
 
+            num_bytes_per_page += heap_size;
 
         }
 
         else if (heap_size > 0) {
 
             if (init_page_count == max_page_count && init_page_count == 0) {