From ab4f0c541988e038b6af6a200838758a386b02a0 Mon Sep 17 00:00:00 2001
From: Lei Zhang
Date: Sat, 25 Apr 2020 11:48:24 +0800
Subject: [PATCH] bugfix: check type for opcode block, loop and if (#238) (#239)

Otherwise a block opcode with invalid type signature could crash the wasm loader.
---
 core/iwasm/interpreter/wasm_loader.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/core/iwasm/interpreter/wasm_loader.c b/core/iwasm/interpreter/wasm_loader.c
index d24babbf..cc44e174 100644
--- a/core/iwasm/interpreter/wasm_loader.c
+++ b/core/iwasm/interpreter/wasm_loader.c
@@ -3489,6 +3489,24 @@ check_memory(WASMModule *module,
 #endif /* WASM_ENABLE_FAST_INTERP */
 
+static bool
+is_block_type_valid(uint8 type)
+{
+    return type == VALUE_TYPE_I32 ||
+           type == VALUE_TYPE_I64 ||
+           type == VALUE_TYPE_F32 ||
+           type == VALUE_TYPE_F64 ||
+           type == VALUE_TYPE_VOID;
+}
+
+#define CHECK_BLOCK_TYPE(type) do { \
+    if (!is_block_type_valid(type)) { \
+        set_error_buf(error_buf, error_buf_size, \
+                      "WASM module load failed: invalid block type"); \
+        goto fail; \
+    } \
+  } while (0)
+
 static bool
 wasm_loader_prepare_bytecode(WASMModule *module, WASMFunction *func,
                              BlockAddr *block_addr_cache,
@@ -3576,6 +3594,7 @@ re_scan:
             case WASM_OP_BLOCK:
                 /* 0x40/0x7F/0x7E/0x7D/0x7C */
                 block_return_type = read_uint8(p);
+                CHECK_BLOCK_TYPE(block_return_type);
                 PUSH_CSP(BLOCK_TYPE_BLOCK, block_return_type, p);
 #if WASM_ENABLE_FAST_INTERP != 0
                 skip_label();
@@ -3585,6 +3604,7 @@ re_scan:
             case WASM_OP_LOOP:
                 /* 0x40/0x7F/0x7E/0x7D/0x7C */
                 block_return_type = read_uint8(p);
+                CHECK_BLOCK_TYPE(block_return_type);
                 PUSH_CSP(BLOCK_TYPE_LOOP, block_return_type, p);
 #if WASM_ENABLE_FAST_INTERP != 0
                 skip_label();
@@ -3597,6 +3617,7 @@ re_scan:
                 POP_I32();
                 /* 0x40/0x7F/0x7E/0x7D/0x7C */
                 block_return_type = read_uint8(p);
+                CHECK_BLOCK_TYPE(block_return_type);
                 PUSH_CSP(BLOCK_TYPE_IF, block_return_type, p);
 #if WASM_ENABLE_FAST_INTERP != 0
                 emit_empty_label_addr_and_frame_ip(PATCH_ELSE);
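Review bot: CHECK_BLOCK_TYPE in the first hunk silently relies on `error_buf`, `error_buf_size` and a `fail:` label existing at every expansion site, none of which appear in its single `type` parameter, so the macro's contract is invisible from its definition. A comment above the `#define`, such as `/* Requires error_buf, error_buf_size and a fail: label in the enclosing function. */`, would make that explicit, and is_block_type_valid could carry a one-liner like `/* Block result type must be i32, i64, f32, f64 or void (0x40). */` so the accepted set is documented alongside the opcode comments in the later hunks. The macro is defined at file scope with no `#undef` visible in this hunk; if the file undefines its other helper macros after their last use, this one should presumably follow the same convention. wasm_loader_prepare_bytecode begins in this hunk and its body continues outside it.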
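Review bot: The pair `block_return_type = read_uint8(p); CHECK_BLOCK_TYPE(block_return_type);` is repeated verbatim in the WASM_OP_BLOCK, WASM_OP_LOOP and WASM_OP_IF cases (the second, third and fourth hunks), which keeps the read and its validation as two separable statements that a future block-like opcode could reproduce without the check. Folding the read into the macro, e.g. `#define READ_BLOCK_TYPE(var) do { var = read_uint8(p); CHECK_BLOCK_TYPE(var); } while (0)`, would make the validated read the only way to obtain a block type here. The enclosing switch and wasm_loader_prepare_bytecode extend beyond these hunks.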