christoph/wamr
1
Fork 0
Code Releases Activity

interpreter: Fix an UBSan complaint in word_copy (#1106)

Browse Source 
Fix an UBSan complaint introduced by recent change by adding more checks
to word_copy:
```
wasm_interp_fast.c:792:9: runtime error: applying zero offset to null pointer
```
This commit is contained in:
YAMAMOTO Takashi
2022-04-21 13:21:37 +09:00
committed by GitHub
parent 67d6a2886e
commit 91222e1e44
2 changed files with 34 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
core/iwasm/interpreter/wasm_interp_fast.c
View File

@ -787,6 +787,9 @@ sign_ext_32_64(int32 val)
static inline void
word_copy(uint32 *dest, uint32 *src, unsigned num)
{
bh_assert(dest != NULL);
bh_assert(src != NULL);
bh_assert(num > 0);
if (dest != src) {
/* No overlap buffer */
bh_assert(!((src < dest) && (dest < src + num)));
@ -3575,7 +3578,9 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
}
}
frame->lp = frame->operand + cur_func->const_cell_num;
word_copy(frame->lp, lp_base, lp - lp_base);
if (lp - lp_base > 0) {
word_copy(frame->lp, lp_base, lp - lp_base);
}
wasm_runtime_free(lp_base);
FREE_FRAME(exec_env, frame);
frame_ip += cur_func->param_count * sizeof(int16);
@ -3695,8 +3700,10 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
frame->operand + cur_wasm_func->const_cell_num;
/* Initialize the consts */
word_copy(frame->operand, (uint32 *)cur_wasm_func->consts,
cur_wasm_func->const_cell_num);
if (cur_wasm_func->const_cell_num > 0) {
word_copy(frame->operand, (uint32 *)cur_wasm_func->consts,
cur_wasm_func->const_cell_num);
}
/* Initialize the local variables */
memset(frame_lp + cur_func->param_cell_num, 0,