Merge pull request from GHSA-4873-36h9-wv49

Stop doing fuzzy search for stack maps
2021-09-17 10:28:50 -07:00
parent 101998733b ec4e48d4cb
commit 398a73f0dd
1 changed files with 52 additions and 48 deletions
--- a/crates/wasmtime/src/module/registry.rs
+++ b/crates/wasmtime/src/module/registry.rs
@@ -122,13 +122,29 @@ impl ModuleInfo for RegisteredModule {
        let info = self.module.func_info(index);

        // Do a binary search to find the stack map for the given offset.
+        let index = match info
+            .stack_maps
+            .binary_search_by_key(&func_offset, |i| i.code_offset)
+        {
+            // Found it.
+            Ok(i) => i,
+
+            // No stack map associated with this PC.
            //
-        // Because GC safepoints are technically only associated with a single
-        // PC, we should ideally only care about `Ok(index)` values returned
-        // from the binary search. However, safepoints are inserted right before
-        // calls, and there are two things that can disturb the PC/offset
-        // associated with the safepoint versus the PC we actually use to query
-        // for the stack map:
+            // Because we know we are in Wasm code, and we must be at some kind
+            // of call/safepoint, then the Cranelift backend must have avoided
+            // emitting a stack map for this location because no refs were live.
+            #[cfg(not(feature = "old-x86-backend"))]
+            Err(_) => return None,
+
+            // ### Old x86_64 backend specific code.
+            //
+            // Because GC safepoints are technically only associated with a
+            // single PC, we should ideally only care about `Ok(index)` values
+            // returned from the binary search. However, safepoints are inserted
+            // right before calls, and there are two things that can disturb the
+            // PC/offset associated with the safepoint versus the PC we actually
+            // use to query for the stack map:
            //
            // 1. The `backtrace` crate gives us the PC in a frame that will be
            //    *returned to*, and where execution will continue from, rather than
@@ -162,21 +178,9 @@ impl ModuleInfo for RegisteredModule {
            //    (which would not have been updated to point to the moved objects)
            //    or reload from the stack slots (which would have been updated to
            //    point to the moved objects).
-
-        let index = match info
-            .stack_maps
-            .binary_search_by_key(&func_offset, |i| i.code_offset)
-        {
-            // Exact hit.
-            Ok(i) => i,
-
-            // `Err(0)` means that the associated stack map would have been the
-            // first element in the array if this pc had an associated stack
-            // map, but this pc does not have an associated stack map. This can
-            // only happen inside a Wasm frame if there are no live refs at this
-            // pc.
+            #[cfg(feature = "old-x86-backend")]
            Err(0) => return None,
-
+            #[cfg(feature = "old-x86-backend")]
            Err(i) => i - 1,
        };