T0b1/wasmtime
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix a possible overflow due to use of fionread in poll_oneoff on Unix. (#881)

Browse Source 
Closes #578.
This commit is contained in:
Marcin Mielniczuk
2020-02-26 01:04:46 +01:00
committed by GitHub
parent 5bed47631a
commit 150a3e588b
2 changed files with 24 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
crates/wasi-common/src/sys/unix/hostcalls_impl/misc.rs
View File

@@ -124,9 +124,24 @@ fn poll_oneoff_handle_fd_event<'a>(
ready_events: impl Iterator<Item = (FdEventData<'a>, yanix::poll::PollFd)>,
events: &mut Vec<wasi::__wasi_event_t>,
) -> Result<()> {
use crate::fdentry::Descriptor;
use std::{convert::TryInto, os::unix::prelude::AsRawFd};
use yanix::{file::fionread, poll::PollFlags};
fn query_nbytes(fd: &Descriptor) -> Result<u64> {
// fionread may overflow for large files, so use another way for regular files.
if let Descriptor::OsHandle(os_handle) = fd {
let meta = os_handle.metadata()?;
if meta.file_type().is_file() {
use yanix::file::tell;
let len = meta.len();
let host_offset = unsafe { tell(os_handle.as_raw_fd())? };
return Ok(len - host_offset);
}
}
unsafe { Ok(fionread(fd.as_raw_fd())?.into()) }
}
for (fd_event, poll_fd) in ready_events {
log::debug!("poll_oneoff_handle_fd_event fd_event = {:?}", fd_event);
log::debug!("poll_oneoff_handle_fd_event poll_fd = {:?}", poll_fd);
@@ -139,7 +154,7 @@ fn poll_oneoff_handle_fd_event<'a>(
log::debug!("poll_oneoff_handle_fd_event revents = {:?}", revents);
let nbytes = if fd_event.r#type == wasi::__WASI_EVENTTYPE_FD_READ {
unsafe { fionread(fd_event.descriptor.as_raw_fd())? }
query_nbytes(fd_event.descriptor)?
} else {
0
};