christoph/wamr
1
Fork 0
Code Releases Activity

Add integer overflow check for some indices in wasm/aot loader (#3579)

Browse Source 
Check whether the indices overflow UINT32_MAX or not for:
- import function count + function count
- import global count + global count
- import tag count + tag count

This PR fixes the issue reported by Oss-fuzz test (#69920).
This commit is contained in:
liang.he
2024-07-02 15:48:37 +08:00
committed by GitHub
parent 3d4d8e61f0
commit f118492b1d
5 changed files with 43 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
core/iwasm/interpreter/wasm_mini_loader.c
View File

@ -1139,6 +1139,8 @@ load_function_section(const uint8 *buf, const uint8 *buf_end,
bh_assert(func_count == code_count);
bh_assert(module->import_function_count <= UINT32_MAX - func_count);
if (func_count) {
module->function_count = func_count;
total_size = sizeof(WASMFunction *) * (uint64)func_count;
@ -1321,6 +1323,8 @@ load_global_section(const uint8 *buf, const uint8 *buf_end, WASMModule *module,
read_leb_uint32(p, p_end, global_count);
bh_assert(module->import_global_count <= UINT32_MAX - global_count);
module->global_count = 0;
if (global_count) {
total_size = sizeof(WASMGlobal) * (uint64)global_count;