T0b1/wasmtime
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fail module translation for segments with overflowing offset+length.

Browse Source 
This commit fails translation of modules that have an segment offset, when
added to the data length, overflows.
This commit is contained in:
Peter Huene
2021-03-05 18:05:02 -08:00
parent 1a0493946d
commit 9801c681ce
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
cranelift/wasm/src/sections_translator.rs
View File

@@ -401,6 +401,12 @@ pub fn parse_element_section<'data>(
)); ));
} }
}; };
// Check for offset + len overflow
if offset.checked_add(segments.len()).is_none() {
return Err(wasm_unsupported!(
"element segment offset and length overflows"
));
}
environ.declare_table_elements( environ.declare_table_elements(
TableIndex::from_u32(table_index), TableIndex::from_u32(table_index),
base, base,
@@ -447,6 +453,12 @@ pub fn parse_data_section<'data>(
)) ))
} }
}; };
// Check for offset + len overflow
if offset.checked_add(data.len()).is_none() {
return Err(wasm_unsupported!(
"data segment offset and length overflows"
));
}
environ.declare_data_initialization( environ.declare_data_initialization(
MemoryIndex::from_u32(memory_index), MemoryIndex::from_u32(memory_index),
base, base,