Strona główna Odkrywaj Pomoc
Zaloguj się
bytecodealliance
/
wasm-micro-runtime
kopia lustrzana https://github-proxy.rt-thread.io/bytecodealliance/wasm-micro-runtime.git
2
0
Forkuj 0
Pliki Problemy 0 Wiki
Przeglądaj źródła

fix potential overflow in memory size calculation (#4549)

Signed-off-by: zhenweijin <zhenwei.jin@intel.com>
Zhenwei Jin 4 miesięcy temu
rodzic
6c3f6fd017
commit
d55852d992
2 zmienionych plików z 6 dodań i 6 usunięć
Zunifikowany widok Pokaż statystyki zmian
  1. 3 3
      core/iwasm/aot/aot_runtime.c
  2. 3 3
      core/iwasm/interpreter/wasm_runtime.c

+ 3 - 3
core/iwasm/aot/aot_runtime.c
Wyświetl plik 

@@ -1026,14 +1026,14 @@ memory_instantiate(AOTModuleInstance *module_inst, AOTModuleInstance *parent,
 
         /* If only one page and at most one page, we just append
 
         /* If only one page and at most one page, we just append
 
            the app heap to the end of linear memory, enlarge the
 
            the app heap to the end of linear memory, enlarge the
 
            num_bytes_per_page, and don't change the page count */
 
            num_bytes_per_page, and don't change the page count */
 
-        heap_offset = num_bytes_per_page;
 
-        num_bytes_per_page += heap_size;
 
-        if (num_bytes_per_page < heap_size) {
 
+        if (heap_size > UINT32_MAX - num_bytes_per_page) {
 
             set_error_buf(error_buf, error_buf_size,
 
             set_error_buf(error_buf, error_buf_size,
 
                           "failed to insert app heap into linear memory, "
 
                           "failed to insert app heap into linear memory, "
 
                           "try using `--heap-size=0` option");
 
                           "try using `--heap-size=0` option");
 
             return NULL;
 
             return NULL;
 
         }
 
         }
 
+        heap_offset = num_bytes_per_page;
 
+        num_bytes_per_page += heap_size;
 
     }
 
     }
 
     else if (heap_size > 0) {
 
     else if (heap_size > 0) {
 
         if (init_page_count == max_page_count && init_page_count == 0) {
 
         if (init_page_count == max_page_count && init_page_count == 0) {

+ 3 - 3
core/iwasm/interpreter/wasm_runtime.c
Wyświetl plik 

@@ -335,14 +335,14 @@ memory_instantiate(WASMModuleInstance *module_inst, WASMModuleInstance *parent,
 
             /* If only one page and at most one page, we just append
 
             /* If only one page and at most one page, we just append
 
                the app heap to the end of linear memory, enlarge the
 
                the app heap to the end of linear memory, enlarge the
 
                num_bytes_per_page, and don't change the page count */
 
                num_bytes_per_page, and don't change the page count */
 
-            heap_offset = num_bytes_per_page;
 
-            num_bytes_per_page += heap_size;
 
-            if (num_bytes_per_page < heap_size) {
 
+            if (heap_size > UINT32_MAX - num_bytes_per_page) {
 
                 set_error_buf(error_buf, error_buf_size,
 
                 set_error_buf(error_buf, error_buf_size,
 
                               "failed to insert app heap into linear memory, "
 
                               "failed to insert app heap into linear memory, "
 
                               "try using `--heap-size=0` option");
 
                               "try using `--heap-size=0` option");
 
                 return NULL;
 
                 return NULL;
 
             }
 
             }
 
+            heap_offset = num_bytes_per_page;
 
+            num_bytes_per_page += heap_size;
 
         }
 
         }
 
         else if (heap_size > 0) {
 
         else if (heap_size > 0) {
 
             if (init_page_count == max_page_count && init_page_count == 0) {
 
             if (init_page_count == max_page_count && init_page_count == 0) {