Inicio Explorar Ayuda
Iniciar sesión
bytecodealliance
/
wasm-micro-runtime
espejo de https://github-proxy.rt-thread.io/bytecodealliance/wasm-micro-runtime.git
2
0
Fork 0
Archivos Incidencias 0 Wiki
Explorar el Código

Add fast interpreter offset overflow check (#1076)

* check fast interpreter offset overflow
Xu Jun hace 3 años
padre
ea63ba4bd0
commit
fd9cce0eef
Se han modificado 2 ficheros con 21 adiciones y 4 borrados
Dividir vista Mostrar estadísticas de diff
  1. 15 2
      core/iwasm/interpreter/wasm_loader.c
  2. 6 2
      core/iwasm/interpreter/wasm_mini_loader.c

+ 15 - 2
core/iwasm/interpreter/wasm_loader.c
Ver fichero 

@@ -5317,8 +5317,12 @@ wasm_loader_push_frame_offset(WASMLoaderContext *ctx, uint8 type,
 
         emit_operand(ctx, ctx->dynamic_offset);
 
         *(ctx->frame_offset)++ = ctx->dynamic_offset;
 
         ctx->dynamic_offset++;
 
-        if (ctx->dynamic_offset > ctx->max_dynamic_offset)
 
+        if (ctx->dynamic_offset > ctx->max_dynamic_offset) {
 
             ctx->max_dynamic_offset = ctx->dynamic_offset;
 
+            if (ctx->max_dynamic_offset >= INT16_MAX) {
 
+                goto fail;
 
+            }
 
+        }
 
     }
 
 
     if (is_32bit_type(type))
 
@@ -5332,10 +5336,19 @@ wasm_loader_push_frame_offset(WASMLoaderContext *ctx, uint8 type,
 
     ctx->frame_offset++;
 
     if (!disable_emit) {
 
         ctx->dynamic_offset++;
 
-        if (ctx->dynamic_offset > ctx->max_dynamic_offset)
 
+        if (ctx->dynamic_offset > ctx->max_dynamic_offset) {
 
             ctx->max_dynamic_offset = ctx->dynamic_offset;
 
+            if (ctx->max_dynamic_offset >= INT16_MAX) {
 
+                goto fail;
 
+            }
 
+        }
 
     }
 
     return true;
 
+
 
+fail:
 
+    set_error_buf(error_buf, error_buf_size,
 
+                  "fast interpreter offset overflow");
 
+    return false;
 
 }
 
 
 /* This function should be in front of wasm_loader_pop_frame_ref

+ 6 - 2
core/iwasm/interpreter/wasm_mini_loader.c
Ver fichero 

@@ -3844,8 +3844,10 @@ wasm_loader_push_frame_offset(WASMLoaderContext *ctx, uint8 type,
 
         emit_operand(ctx, ctx->dynamic_offset);
 
         *(ctx->frame_offset)++ = ctx->dynamic_offset;
 
         ctx->dynamic_offset++;
 
-        if (ctx->dynamic_offset > ctx->max_dynamic_offset)
 
+        if (ctx->dynamic_offset > ctx->max_dynamic_offset) {
 
             ctx->max_dynamic_offset = ctx->dynamic_offset;
 
+            bh_assert(ctx->max_dynamic_offset < INT16_MAX);
 
+        }
 
     }
 
 
     if (is_32bit_type(type))
 
@@ -3859,8 +3861,10 @@ wasm_loader_push_frame_offset(WASMLoaderContext *ctx, uint8 type,
 
     ctx->frame_offset++;
 
     if (!disable_emit) {
 
         ctx->dynamic_offset++;
 
-        if (ctx->dynamic_offset > ctx->max_dynamic_offset)
 
+        if (ctx->dynamic_offset > ctx->max_dynamic_offset) {
 
             ctx->max_dynamic_offset = ctx->dynamic_offset;
 
+            bh_assert(ctx->max_dynamic_offset < INT16_MAX);
 
+        }
 
     }
 
     return true;
 
 }