gnh1201/wasm-micro-runtime
1
0
Fork 0
mirror of https://github.com/bytecodealliance/wasm-micro-runtime.git synced 2024-11-26 15:32:05 +00:00
Code Issues Actions 14 Packages Projects Releases Wiki Activity

Fix a leak in wasm_loader_emit_br_info (#3900)

Browse Source 
Reference Info: 377955855 wamr:wasm_mutator_fuzz_loader: Direct-leak in wasm_loader_emit_br_info

https://issues.oss-fuzz.com/issues/377955855
This commit is contained in:
TianlongLiang 2024-11-13 15:16:13 +08:00 committed by GitHub
parent 226bf22f9e
commit 0e4dffc479
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 24 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
core/iwasm/common/wasm_application.c
View File

@ -105,7 +105,8 @@ execute_main(WASMModuleInstanceCommon *module_inst, int32 argc, char *argv[])
bool ret, is_import_func = true, is_memory64 = false; bool ret, is_import_func = true, is_memory64 = false;
#if WASM_ENABLE_MEMORY64 != 0 #if WASM_ENABLE_MEMORY64 != 0
WASMModuleInstance *wasm_module_inst = (WASMModuleInstance *)module_inst; WASMModuleInstance *wasm_module_inst = (WASMModuleInstance *)module_inst;
is_memory64 = wasm_module_inst->memories[0]->is_memory64; if (wasm_module_inst->memory_count > 0)
is_memory64 = wasm_module_inst->memories[0]->is_memory64;
#endif #endif
exec_env = wasm_runtime_get_exec_env_singleton(module_inst); exec_env = wasm_runtime_get_exec_env_singleton(module_inst);

22
core/iwasm/interpreter/wasm_loader.c
View File

@ -9885,13 +9885,6 @@ fail:
} }
#endif /* WASM_ENABLE_FAST_INTERP */ #endif /* WASM_ENABLE_FAST_INTERP */
#define RESERVE_BLOCK_RET() \
do { \
if (!reserve_block_ret(loader_ctx, opcode, disable_emit, error_buf, \
error_buf_size)) \
goto fail; \
} while (0)
#define PUSH_TYPE(type) \ #define PUSH_TYPE(type) \
do { \ do { \
if (!(wasm_loader_push_frame_ref(loader_ctx, type, error_buf, \ if (!(wasm_loader_push_frame_ref(loader_ctx, type, error_buf, \
@ -11612,7 +11605,10 @@ re_scan:
#if WASM_ENABLE_FAST_INTERP != 0 #if WASM_ENABLE_FAST_INTERP != 0
/* if the result of if branch is in local or const area, add a /* if the result of if branch is in local or const area, add a
* copy op */ * copy op */
RESERVE_BLOCK_RET(); if (!reserve_block_ret(loader_ctx, opcode, disable_emit,
error_buf, error_buf_size)) {
goto fail;
}
emit_empty_label_addr_and_frame_ip(PATCH_END); emit_empty_label_addr_and_frame_ip(PATCH_END);
apply_label_patch(loader_ctx, 1, PATCH_ELSE); apply_label_patch(loader_ctx, 1, PATCH_ELSE);
@ -11672,7 +11668,15 @@ re_scan:
#if WASM_ENABLE_FAST_INTERP != 0 #if WASM_ENABLE_FAST_INTERP != 0
skip_label(); skip_label();
/* copy the result to the block return address */ /* copy the result to the block return address */
RESERVE_BLOCK_RET(); if (!reserve_block_ret(loader_ctx, opcode, disable_emit,
error_buf, error_buf_size)) {
/* it could be tmp frame_csp allocated from opcode like
* OP_BR and not counted in loader_ctx->csp_num, it won't
* be freed in wasm_loader_ctx_destroy(loader_ctx) so need
* to free the loader_ctx->frame_csp if fails */
free_label_patch_list(loader_ctx->frame_csp);
goto fail;
}
apply_label_patch(loader_ctx, 0, PATCH_END); apply_label_patch(loader_ctx, 0, PATCH_END);
free_label_patch_list(loader_ctx->frame_csp); free_label_patch_list(loader_ctx->frame_csp);

18
core/iwasm/interpreter/wasm_mini_loader.c
View File

@ -5592,13 +5592,6 @@ fail:
#endif /* WASM_ENABLE_FAST_INTERP */ #endif /* WASM_ENABLE_FAST_INTERP */
#define RESERVE_BLOCK_RET() \
do { \
if (!reserve_block_ret(loader_ctx, opcode, disable_emit, error_buf, \
error_buf_size)) \
goto fail; \
} while (0)
#define PUSH_TYPE(type) \ #define PUSH_TYPE(type) \
do { \ do { \
if (!(wasm_loader_push_frame_ref(loader_ctx, type, error_buf, \ if (!(wasm_loader_push_frame_ref(loader_ctx, type, error_buf, \
@ -6366,7 +6359,10 @@ re_scan:
#if WASM_ENABLE_FAST_INTERP != 0 #if WASM_ENABLE_FAST_INTERP != 0
/* if the result of if branch is in local or const area, add a /* if the result of if branch is in local or const area, add a
* copy op */ * copy op */
RESERVE_BLOCK_RET(); if (!reserve_block_ret(loader_ctx, opcode, disable_emit,
error_buf, error_buf_size)) {
goto fail;
}
emit_empty_label_addr_and_frame_ip(PATCH_END); emit_empty_label_addr_and_frame_ip(PATCH_END);
apply_label_patch(loader_ctx, 1, PATCH_ELSE); apply_label_patch(loader_ctx, 1, PATCH_ELSE);
@ -6426,7 +6422,11 @@ re_scan:
#if WASM_ENABLE_FAST_INTERP != 0 #if WASM_ENABLE_FAST_INTERP != 0
skip_label(); skip_label();
/* copy the result to the block return address */ /* copy the result to the block return address */
RESERVE_BLOCK_RET(); if (!reserve_block_ret(loader_ctx, opcode, disable_emit,
error_buf, error_buf_size)) {
free_label_patch_list(loader_ctx->frame_csp);
goto fail;
}
apply_label_patch(loader_ctx, 0, PATCH_END); apply_label_patch(loader_ctx, 0, PATCH_END);
free_label_patch_list(loader_ctx->frame_csp); free_label_patch_list(loader_ctx->frame_csp);