christoph/wamr
1
Fork 0
Code Releases Activity

Fix app heap corrupted unchecked issue (#788)

Browse Source 
Check whether app heap is corrupted in gc_migrate() and gci_dump(),
and handle the failures in wasm/aot_enlarge_memory().
This commit is contained in:
Wenyong Huang
2021-10-15 20:56:41 +08:00
committed by GitHub
parent a121e45a1e
commit 3dff80157b
7 changed files with 75 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
core/shared/mem-alloc/ems/ems_kfc.c
View File

@ -183,6 +183,11 @@ gc_migrate(gc_handle_t handle, char *pool_buf_new, gc_size_t pool_buf_size)
if (offset == 0)
return 0;
if (heap->is_heap_corrupted) {
os_printf("[GC_ERROR]Heap is corrupted, heap migrate failed.\n");
return GC_ERROR;
}
heap->base_addr = (uint8 *)base_addr_new;
adjust_ptr((uint8 **)&heap->kfc_tree_root.left, offset);
adjust_ptr((uint8 **)&heap->kfc_tree_root.right, offset);
@ -193,7 +198,12 @@ gc_migrate(gc_handle_t handle, char *pool_buf_new, gc_size_t pool_buf_size)
while (cur < end) {
size = hmu_get_size(cur);
bh_assert(size > 0);
if (size <= 0 || size > (uint8 *)end - (uint8 *)cur) {
os_printf("[GC_ERROR]Heap is corrupted, heap migrate failed.\n");
heap->is_heap_corrupted = true;
return GC_ERROR;
}
if (hmu_get_ut(cur) == HMU_FC && !HMU_IS_FC_NORMAL(size)) {
tree_node = (hmu_tree_node_t *)cur;
@ -207,7 +217,12 @@ gc_migrate(gc_handle_t handle, char *pool_buf_new, gc_size_t pool_buf_size)
cur = (hmu_t *)((char *)cur + size);
}
bh_assert(cur == end);
if (cur != end) {
os_printf("[GC_ERROR]Heap is corrupted, heap migrate failed.\n");
heap->is_heap_corrupted = true;
return GC_ERROR;
}
return 0;
}