christoph/wamr
1
Fork 0
Code Releases Activity

Add integer overflow check for some indices in wasm/aot loader (#3579)

Browse Source 
Check whether the indices overflow UINT32_MAX or not for:
- import function count + function count
- import global count + global count
- import tag count + tag count

This PR fixes the issue reported by Oss-fuzz test (#69920).
This commit is contained in:
liang.he
2024-07-02 15:48:37 +08:00
committed by GitHub
parent 3d4d8e61f0
commit f118492b1d
5 changed files with 43 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
core/iwasm/aot/aot_loader.c
View File

@ -2217,6 +2217,9 @@ load_global_info(const uint8 **p_buf, const uint8 *buf_end, AOTModule *module,
const uint8 *buf = *p_buf;
read_uint32(buf, buf_end, module->global_count);
if (is_indices_overflow(module->import_global_count, module->global_count,
error_buf, error_buf_size))
return false;
/* load globals */
if (module->global_count > 0
@ -2481,6 +2484,10 @@ load_init_data_section(const uint8 *buf, const uint8 *buf_end,
/* load function count and start function index */
read_uint32(p, p_end, module->func_count);
if (is_indices_overflow(module->import_func_count, module->func_count,
error_buf, error_buf_size))
return false;
read_uint32(p, p_end, module->start_func_index);
/* check start function index */