christoph/wamr
1
Fork 0
Code Releases Activity

Fix several issues reported by oss-fuzz (#3526)

Browse Source 
- possible integer overflow in adjust_table_max_size:
  unsigned integer overflow: 2684354559 * 2 cannot be represented in type 'uint32'
- limit max memory size in wasm_runtime_malloc
- add more checks in aot loader
- adjust compilation options
This commit is contained in:
liang.he
2024-06-13 16:06:36 +08:00
committed by GitHub
parent 42ad4728f6
commit 40c41d5110
5 changed files with 40 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
core/iwasm/interpreter/wasm_loader.c
View File

@ -380,8 +380,7 @@ loader_malloc(uint64 size, char *error_buf, uint32 error_buf_size)
{
void *mem;
if (size >= WASM_MEM_ALLOC_MAX_SIZE
|| !(mem = wasm_runtime_malloc((uint32)size))) {
if (size >= UINT32_MAX || !(mem = wasm_runtime_malloc((uint32)size))) {
set_error_buf(error_buf, error_buf_size, "allocate memory failed");
return NULL;
}
@ -2255,9 +2254,15 @@ fail:
static void
adjust_table_max_size(uint32 init_size, uint32 max_size_flag, uint32 *max_size)
{
uint32 default_max_size = init_size * 2 > WASM_TABLE_MAX_SIZE
? init_size * 2
: WASM_TABLE_MAX_SIZE;
uint32 default_max_size;
if (UINT32_MAX / 2 > init_size)
default_max_size = init_size * 2;
else
default_max_size = UINT32_MAX;
if (default_max_size < WASM_TABLE_MAX_SIZE)
default_max_size = WASM_TABLE_MAX_SIZE;
if (max_size_flag) {
/* module defines the table limitation */