From 7f8292ffd12b0881ce7b9797a9075da09c849cae Mon Sep 17 00:00:00 2001
From: Wenyong Huang
Date: Thu, 9 Nov 2023 08:42:05 +0800
Subject: [PATCH] Add more buffer boundary checks in wasm loader (#2734)

And fix exception not printed in `iwasm --repl` mode and resize the memory data size to UINT32_MAX if the initial page number is 65536.
---
 core/iwasm/aot/aot_runtime.c | 6 ++++++
 core/iwasm/interpreter/wasm_loader.c | 5 ++++-
 core/iwasm/interpreter/wasm_runtime.c | 6 ++++++
 product-mini/platforms/posix/main.c | 3 +++
 product-mini/platforms/windows/main.c | 3 +++
 5 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/core/iwasm/aot/aot_runtime.c b/core/iwasm/aot/aot_runtime.c
index a65d1f53..2e63c587 100644
--- a/core/iwasm/aot/aot_runtime.c
+++ b/core/iwasm/aot/aot_runtime.c
@@ -489,6 +489,12 @@ memory_instantiate(AOTModuleInstance *module_inst, AOTModuleInstance *parent,
 if (max_page_count > DEFAULT_MAX_PAGES)
 max_page_count = DEFAULT_MAX_PAGES;
 }
+ else { /* heap_size == 0 */
+ if (init_page_count == DEFAULT_MAX_PAGES) {
+ num_bytes_per_page = UINT32_MAX;
+ init_page_count = max_page_count = 1;
+ }
+ }
 
 LOG_VERBOSE("Memory instantiate:");
 LOG_VERBOSE(" page bytes: %u, init pages: %u, max pages: %u",
diff --git a/core/iwasm/interpreter/wasm_loader.c b/core/iwasm/interpreter/wasm_loader.c
index ea2eb70f..9e88e205 100644
--- a/core/iwasm/interpreter/wasm_loader.c
+++ b/core/iwasm/interpreter/wasm_loader.c
@@ -173,7 +173,6 @@ fail:
 
 #define read_uint8(p) TEMPLATE_READ_VALUE(uint8, p)
 #define read_uint32(p) TEMPLATE_READ_VALUE(uint32, p)
-#define read_bool(p) TEMPLATE_READ_VALUE(bool, p)
 
 #define read_leb_int64(p, p_end, res) \
 do { \
@@ -490,6 +489,7 @@ load_init_expr(const uint8 **p_buf, const uint8 *buf_end,
 if (type != VALUE_TYPE_V128)
 goto fail_type_mismatch;
 
+ CHECK_BUF(p, p_end, 1);
 flag = read_uint8(p);
 (void)flag;
 
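Review bot: With the usual 64 KiB page, the added `init_page_count == DEFAULT_MAX_PAGES` case emulates a 4 GiB memory as a single page of `UINT32_MAX` bytes, so the instance is one byte shorter than the module declared: an access at the very top of the declared range will presumably be rejected by the bounds check, and if memory.size is served from cur_page_count (not visible here) such a module observes 1 page instead of 65536. The identical block is added to core/iwasm/interpreter/wasm_runtime.c, where the same applies. Neither hunk records the reasoning, so put a comment on the added `else`, such as `/* 65536 pages * 64 KiB overflows uint32; emulate as one page of UINT32_MAX bytes, one byte short of the declared size */`, and make sure every later size computation derives from num_bytes_per_page and cur_page_count rather than the declared page count so the two bounds never disagree. memory_instantiate starts and ends outside the hunk, and the `if`/`else if` chain this `else` closes begins above it, so the `/* heap_size == 0 */` reading rests on that comment alone.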
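Review bot: The new `CHECK_BUF(p, p_end, 1)` makes the read safe, but the byte it guards is still discarded by `(void)flag;` on the next line, so any sub-opcode following the SIMD prefix is accepted inside a constant expression instead of only v128.const. Validate it against the v128.const member of enum WASMSimdEXTOpcode and fail the load otherwise, in the same way the type mismatch just above is rejected. The 16-byte immediate read that follows lies outside the hunk and needs its own `CHECK_BUF(p, p_end, 16)` if it does not already have one. load_init_expr starts and ends outside the hunk.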
@@ -7138,6 +7138,7 @@ re_scan:
 BlockType block_type;
 
 p_org = p - 1;
+ CHECK_BUF(p, p_end, 1);
 value_type = read_uint8(p);
 if (is_byte_a_type(value_type)) {
 /* If the first byte is one of these special values:
@@ -9099,6 +9100,7 @@ re_scan:
 {
 uint32 opcode1;
 
+ CHECK_BUF(p, p_end, 1);
 opcode1 = read_uint8(p);
 /* follow the order of enum WASMSimdEXTOpcode in wasm_opcode.h */
@@ -9760,6 +9762,7 @@ re_scan:
 {
 uint32 opcode1;
 
+ CHECK_BUF(p, p_end, 1);
 opcode1 = read_uint8(p);
 #if WASM_ENABLE_FAST_INTERP != 0
 emit_byte(loader_ctx, opcode1);
diff --git a/core/iwasm/interpreter/wasm_runtime.c b/core/iwasm/interpreter/wasm_runtime.c
index 6c18d492..b63a7f5b 100644
--- a/core/iwasm/interpreter/wasm_runtime.c
+++ b/core/iwasm/interpreter/wasm_runtime.c
@@ -276,6 +276,12 @@ memory_instantiate(WASMModuleInstance *module_inst, WASMModuleInstance *parent,
 if (max_page_count > DEFAULT_MAX_PAGES)
 max_page_count = DEFAULT_MAX_PAGES;
 }
+ else { /* heap_size == 0 */
+ if (init_page_count == DEFAULT_MAX_PAGES) {
+ num_bytes_per_page = UINT32_MAX;
+ init_page_count = max_page_count = 1;
+ }
+ }
 
 LOG_VERBOSE("Memory instantiate:");
 LOG_VERBOSE(" page bytes: %u, init pages: %u, max pages: %u",
diff --git a/product-mini/platforms/posix/main.c b/product-mini/platforms/posix/main.c
index 9140b924..990efaf5 100644
--- a/product-mini/platforms/posix/main.c
+++ b/product-mini/platforms/posix/main.c
@@ -207,8 +207,11 @@ app_instance_repl(wasm_module_inst_t module_inst)
 break;
 }
 if (app_argc != 0) {
+ const char *exception;
 wasm_application_execute_func(module_inst, app_argv[0],
 app_argc - 1, app_argv + 1);
+ if ((exception = wasm_runtime_get_exception(module_inst)))
+ printf("%s\n", exception);
 }
 free(app_argv);
 }
diff --git a/product-mini/platforms/windows/main.c b/product-mini/platforms/windows/main.c
index 457d0ef1..85fb8587 100644
--- a/product-mini/platforms/windows/main.c
+++ b/product-mini/platforms/windows/main.c
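Review bot: In this hunk and in the two that follow at +9100 and +9762 the guard is repeated by hand as `CHECK_BUF(p, p_end, 1);` in front of each `read_uint8(p)`, which is exactly the pairing the previously unchecked reads were missing, so a future call site is free to forget it again. A checked accessor next to the read_uint8 definition, e.g. `#define read_uint8_checked(p, p_end, var) do { CHECK_BUF(p, p_end, 1); (var) = read_uint8(p); } while (0)`, keeps the bound and the read in one place and can replace these three sites as well as any remaining bare reads as they are touched. All three hunks sit inside the function that owns the re_scan label, which starts and ends outside them.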
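Review bot: The exception is printed but never cleared, so unless wasm_application_execute_func resets it on entry (not visible here) the next REPL command prints the same stale message again; add `wasm_runtime_clear_exception(module_inst);` right after the `printf`. The identical lines added to product-mini/platforms/windows/main.c need the same change. Writing the message with `fprintf(stderr, "%s\n", exception);` would keep runtime diagnostics apart from the guest's own stdout, though that is a matter of style. app_instance_repl starts and ends outside the hunk.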
@@ -161,8 +161,11 @@ app_instance_repl(wasm_module_inst_t module_inst)
 break;
 }
 if (app_argc != 0) {
+ const char *exception;
 wasm_application_execute_func(module_inst, app_argv[0],
 app_argc - 1, app_argv + 1);
+ if ((exception = wasm_runtime_get_exception(module_inst)))
+ printf("%s\n", exception);
 }
 free(app_argv);
 }