Add more checks to enhance security (#446)

add more checks to enhance security
clear "wasi proc exit" exception before return to caller in wasm/aot call functions
fix memory profiling issue
change movdqa to movdqu in simd invokeNative asm codes to fix issue of unaligned address access
move setjmp/longjmp from libc-builtin to libc-emcc
fix zephyr platform compilation issue in latest zephyr version

core/iwasm/libraries/lib-pthread/lib_pthread_wrapper.c

@@ -265,6 +265,10 @@ call_key_destructor(wasm_exec_env_t exec_env)
     WASMCluster *cluster = wasm_exec_env_get_cluster(exec_env);
     ClusterInfoNode *info = get_cluster_info(cluster);
 
+    if (!info) {
+        return;
+    }
+
     value_node = bh_list_first_elem(info->thread_list);
     while (value_node) {
         if (value_node->exec_env == exec_env)
@@ -435,6 +439,11 @@ get_thread_info(wasm_exec_env_t exec_env, uint32 handle)
 {
     WASMCluster *cluster = wasm_exec_env_get_cluster(exec_env);
     ClusterInfoNode *info = get_cluster_info(cluster);
+
+    if (!info) {
+        return NULL;
+    }
+
     return bh_hash_map_find(info->thread_info_map, (void *)(uintptr_t)handle);
 }
 
@@ -524,6 +533,8 @@ pthread_create_wrapper(wasm_exec_env_t exec_env,
     WASIContext *wasi_ctx = get_wasi_ctx(module_inst);
 #endif
 
+    bh_assert(module);
+
     if (!(new_module_inst =
             wasm_runtime_instantiate_internal(module, true, 8192, 0,
                                               NULL, 0)))

core/iwasm/libraries/libc-builtin/libc_builtin_wrapper.c

@@ -1007,21 +1007,6 @@ __cxa_throw_wrapper(wasm_exec_env_t exec_env,
     wasm_runtime_set_exception(module_inst, buf);
 }
 
-static int
-setjmp_wrapper(wasm_exec_env_t exec_env,
-               void *jmp_buf)
-{
-    os_printf("in setjmp()\n");
-    return 0;
-}
-
-static void
-longjmp_wrapper(wasm_exec_env_t exec_env,
-               void *jmp_buf, int val)
-{
-    os_printf("in longjmp()\n");
-}
-
 #if WASM_ENABLE_SPEC_TEST != 0
 static void
 print_wrapper(wasm_exec_env_t exec_env)
@@ -1120,8 +1105,6 @@ static NativeSymbol native_symbols_libc_builtin[] = {
     REG_NATIVE_FUNC(__cxa_allocate_exception, "(i)i"),
     REG_NATIVE_FUNC(__cxa_begin_catch, "(*)"),
     REG_NATIVE_FUNC(__cxa_throw, "(**i)"),
-    REG_NATIVE_FUNC(setjmp, "(*)i"),
-    REG_NATIVE_FUNC(longjmp, "(*i)"),
 };
 
 #if WASM_ENABLE_SPEC_TEST != 0

core/iwasm/libraries/libc-emcc/libc_emcc_wrapper.c

@@ -267,6 +267,21 @@ getentropy_wrapper(wasm_exec_env_t exec_env, void *buffer, uint32 length)
     return getentropy(buffer, length);
 }
 
+static int
+setjmp_wrapper(wasm_exec_env_t exec_env,
+               void *jmp_buf)
+{
+    os_printf("setjmp() called\n");
+    return 0;
+}
+
+static void
+longjmp_wrapper(wasm_exec_env_t exec_env,
+               void *jmp_buf, int val)
+{
+    os_printf("longjmp() called\n");
+}
+
 #if !defined(BH_PLATFORM_LINUX_SGX)
 static FILE *file_list[32] = { 0 };
 
@@ -506,6 +521,8 @@ static NativeSymbol native_symbols_libc_emcc[] = {
     REG_NATIVE_FUNC(munmap, "(ii)i"),
     REG_NATIVE_FUNC(__munmap, "(ii)i"),
     REG_NATIVE_FUNC(getentropy, "(*~)i"),
+    REG_NATIVE_FUNC(setjmp, "(*)i"),
+    REG_NATIVE_FUNC(longjmp, "(*i)"),
 #if !defined(BH_PLATFORM_LINUX_SGX)
     REG_NATIVE_FUNC(fopen, "($$)i"),
     REG_NATIVE_FUNC(fread, "(*iii)i"),

core/iwasm/libraries/libc-wasi/libc_wasi_wrapper.c

@@ -1019,9 +1019,13 @@ wasi_poll_oneoff(wasm_exec_env_t exec_env,
     return 0;
 }
 
-void wasi_proc_exit(wasm_exec_env_t exec_env, wasi_exitcode_t rval)
+static void
+wasi_proc_exit(wasm_exec_env_t exec_env, wasi_exitcode_t rval)
 {
     wasm_module_inst_t module_inst = get_module_inst(exec_env);
+    /* Here throwing exception is just to let wasm app exit,
+       the upper layer should clear the exception and return
+       as normal */
     wasm_runtime_set_exception(module_inst, "wasi proc exit");
 }
 

core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/src/posix.c

@@ -1902,9 +1902,9 @@ __wasi_errno_t wasmtime_ssp_path_open(
     }
 
     if (S_ISDIR(sb.st_mode))
-      rights_base |= RIGHTS_DIRECTORY_BASE;
+      rights_base |= (__wasi_rights_t)RIGHTS_DIRECTORY_BASE;
     else if (S_ISREG(sb.st_mode))
-      rights_base |= RIGHTS_REGULAR_FILE_BASE;
+      rights_base |= (__wasi_rights_t)RIGHTS_REGULAR_FILE_BASE;
   }
 
   return fd_table_insert_fd(curfds, nfd, type, rights_base & max_base,

core/iwasm/libraries/thread-mgr/thread_manager.c

@@ -288,6 +288,10 @@ wasm_cluster_spawn_exec_env(WASMExecEnv *exec_env)
     WASMExecEnv *new_exec_env;
     uint32 aux_stack_start, aux_stack_size;
 
+    if (!module) {
+        return NULL;
+    }
+
     if (!(new_module_inst =
         wasm_runtime_instantiate_internal(module, true, 8192,
                                           0, NULL, 0))) {