gnh1201/wasm-micro-runtime
1
0
Fork 0
mirror of https://github.com/bytecodealliance/wasm-micro-runtime.git synced 2025-09-06 18:01:08 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Add more operand stack overflow checks for fast-interp (#1104)

Browse Source 
And clear some compile warnings on Windows
This commit is contained in:
Wenyong Huang 2022-04-20 16:19:12 +08:00 committed by GitHub
parent 0f505aafd9
commit d6e781af28
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 29 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
core/iwasm/common/wasm_exec_env.h
View File

@ -179,8 +179,12 @@ wasm_exec_env_alloc_wasm_frame(WASMExecEnv *exec_env, unsigned size)
bh_assert(!(size & 3)); bh_assert(!(size & 3));
/* The outs area size cannot be larger than the frame size, so /* For classic interpreter, the outs area doesn't contain the const cells,
multiplying by 2 is enough. */ its size cannot be larger than the frame size, so here checking stack
overflow with multiplying by 2 is enough. For fast interpreter, since
the outs area contains const cells, its size may be larger than current
frame size, we should check again before putting the function arguments
into the outs area. */
if (addr + size * 2 > exec_env->wasm_stack.s.top_boundary) { if (addr + size * 2 > exec_env->wasm_stack.s.top_boundary) {
/* WASM stack overflow. */ /* WASM stack overflow. */
return NULL; return NULL;

14
core/iwasm/interpreter/wasm_interp_fast.c
View File

@ -3602,6 +3602,13 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
{ {
outs_area->lp = outs_area->operand + cur_func->const_cell_num; outs_area->lp = outs_area->operand + cur_func->const_cell_num;
} }
if ((uint8 *)(outs_area->lp + cur_func->param_cell_num)
> exec_env->wasm_stack.s.top_boundary) {
wasm_set_exception(module, "wasm operand stack overflow");
goto got_exception;
}
for (i = 0; i < cur_func->param_count; i++) { for (i = 0; i < cur_func->param_count; i++) {
if (cur_func->param_types[i] == VALUE_TYPE_I64 if (cur_func->param_types[i] == VALUE_TYPE_I64
|| cur_func->param_types[i] == VALUE_TYPE_F64) { || cur_func->param_types[i] == VALUE_TYPE_F64) {
@ -3790,6 +3797,13 @@ wasm_interp_call_wasm(WASMModuleInstance *module_inst, WASMExecEnv *exec_env,
frame->lp = frame->operand + 0; frame->lp = frame->operand + 0;
frame->ret_offset = 0; frame->ret_offset = 0;
if ((uint8 *)(outs_area->operand + function->const_cell_num + argc)
> exec_env->wasm_stack.s.top_boundary) {
wasm_set_exception((WASMModuleInstance *)exec_env->module_inst,
"wasm operand stack overflow");
return;
}
if (argc > 0) if (argc > 0)
word_copy(outs_area->operand + function->const_cell_num, argv, argc); word_copy(outs_area->operand + function->const_cell_num, argv, argc);

4
core/iwasm/interpreter/wasm_loader.c
View File

@ -4976,8 +4976,8 @@ wasm_loader_emit_const(WASMLoaderContext *ctx, void *value, bool is_32_bit)
bh_assert(((uintptr_t)ctx->p_code_compiled & 1) == 0); bh_assert(((uintptr_t)ctx->p_code_compiled & 1) == 0);
#endif #endif
bh_memcpy_s(ctx->p_code_compiled, bh_memcpy_s(ctx->p_code_compiled,
ctx->p_code_compiled_end - ctx->p_code_compiled, value, (uint32)(ctx->p_code_compiled_end - ctx->p_code_compiled),
size); value, size);
ctx->p_code_compiled += size; ctx->p_code_compiled += size;
} }
else { else {

4
core/iwasm/interpreter/wasm_mini_loader.c
View File

@ -3501,8 +3501,8 @@ wasm_loader_emit_const(WASMLoaderContext *ctx, void *value, bool is_32_bit)
bh_assert(((uintptr_t)ctx->p_code_compiled & 1) == 0); bh_assert(((uintptr_t)ctx->p_code_compiled & 1) == 0);
#endif #endif
bh_memcpy_s(ctx->p_code_compiled, bh_memcpy_s(ctx->p_code_compiled,
ctx->p_code_compiled_end - ctx->p_code_compiled, value, (uint32)(ctx->p_code_compiled_end - ctx->p_code_compiled),
size); value, size);
ctx->p_code_compiled += size; ctx->p_code_compiled += size;
} }
else { else {

10
core/iwasm/libraries/libc-builtin/libc_builtin_wrapper.c
View File

@ -85,7 +85,7 @@ typedef char *_va_list;
if ((uint32)(fmt - fmt_start_addr + 2) >= fmt_buf_len) { \ if ((uint32)(fmt - fmt_start_addr + 2) >= fmt_buf_len) { \
bh_assert((uint32)(fmt - fmt_start_addr) <= \ bh_assert((uint32)(fmt - fmt_start_addr) <= \
UINT32_MAX - 2); \ UINT32_MAX - 2); \
fmt_buf_len = fmt - fmt_start_addr + 2; \ fmt_buf_len = (uint32)(fmt - fmt_start_addr + 2); \
if (!(fmt_buf = wasm_runtime_malloc(fmt_buf_len))) { \ if (!(fmt_buf = wasm_runtime_malloc(fmt_buf_len))) { \
print_err(out, ctx); \ print_err(out, ctx); \
break; \ break; \
@ -93,8 +93,8 @@ typedef char *_va_list;
} \ } \
\ \
memset(fmt_buf, 0, fmt_buf_len); \ memset(fmt_buf, 0, fmt_buf_len); \
bh_memcpy_s(fmt_buf, fmt_buf_len, \ bh_memcpy_s(fmt_buf, fmt_buf_len, fmt_start_addr, \
fmt_start_addr, fmt - fmt_start_addr + 1); (uint32)(fmt - fmt_start_addr + 1));
/* clang-format on */ /* clang-format on */
#define OUTPUT_TEMP_FORMAT() \ #define OUTPUT_TEMP_FORMAT() \
@ -199,7 +199,7 @@ _vprintf_wa(out_func_t out, void *ctx, const char *fmt, _va_list ap,
d = _va_arg(ap, int32); d = _va_arg(ap, int32);
if (long_ctr == 1) { if (long_ctr == 1) {
uint32 fmt_end_idx = fmt - fmt_start_addr; uint32 fmt_end_idx = (uint32)(fmt - fmt_start_addr);
if (fmt_buf[fmt_end_idx - 1] == 'l' if (fmt_buf[fmt_end_idx - 1] == 'l'
|| fmt_buf[fmt_end_idx - 1] == 'z' || fmt_buf[fmt_end_idx - 1] == 'z'
@ -247,7 +247,7 @@ _vprintf_wa(out_func_t out, void *ctx, const char *fmt, _va_list ap,
s = start = addr_app_to_native(s_offset); s = start = addr_app_to_native(s_offset);
str_len = strlen(start); str_len = (uint32)strlen(start);
if (str_len >= UINT32_MAX - 64) { if (str_len >= UINT32_MAX - 64) {
print_err(out, ctx); print_err(out, ctx);
if (fmt_buf != temp_fmt) { if (fmt_buf != temp_fmt) {