gnh1201/wasm-micro-runtime
1
0
Fork 0
mirror of https://github.com/bytecodealliance/wasm-micro-runtime.git synced 2025-10-26 10:51:17 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

add validation of dynamic_offset (#4563)

Browse Source 
* add check_dynamic_offset_pop
This commit is contained in:
Liu Jia 2025-10-23 11:27:30 +08:00 committed by GitHub
parent 3bf08a0eda
commit 0ecaf8c7da
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 22 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
core/iwasm/interpreter/wasm_loader.c
View File

@ -8542,6 +8542,15 @@ check_offset_pop(WASMLoaderContext *ctx, uint32 cells)
return true; return true;
} }
static bool
check_dynamic_offset_pop(WASMLoaderContext *ctx, uint32 cells)
{
if (ctx->dynamic_offset < 0
|| (ctx->dynamic_offset > 0 && (uint32)ctx->dynamic_offset < cells))
return false;
return true;
}
static void static void
free_label_patch_list(BranchBlock *frame_csp) free_label_patch_list(BranchBlock *frame_csp)
{ {
@ -9980,7 +9989,8 @@ wasm_loader_pop_frame_offset(WASMLoaderContext *ctx, uint8 type,
return true; return true;
ctx->frame_offset -= cell_num_to_pop; ctx->frame_offset -= cell_num_to_pop;
if ((*(ctx->frame_offset) > ctx->start_dynamic_offset) if (check_dynamic_offset_pop(ctx, cell_num_to_pop)
&& (*(ctx->frame_offset) > ctx->start_dynamic_offset)
&& (*(ctx->frame_offset) < ctx->max_dynamic_offset)) && (*(ctx->frame_offset) < ctx->max_dynamic_offset))
ctx->dynamic_offset -= cell_num_to_pop; ctx->dynamic_offset -= cell_num_to_pop;

12
core/iwasm/interpreter/wasm_mini_loader.c
View File

@ -4342,6 +4342,15 @@ check_offset_pop(WASMLoaderContext *ctx, uint32 cells)
return true; return true;
} }
static bool
check_dynamic_offset_pop(WASMLoaderContext *ctx, uint32 cells)
{
if (ctx->dynamic_offset < 0
|| (ctx->dynamic_offset > 0 && (uint32)ctx->dynamic_offset < cells))
return false;
return true;
}
static void static void
free_label_patch_list(BranchBlock *frame_csp) free_label_patch_list(BranchBlock *frame_csp)
{ {
@ -5256,7 +5265,8 @@ wasm_loader_pop_frame_offset(WASMLoaderContext *ctx, uint8 type,
return true; return true;
ctx->frame_offset -= cell_num_to_pop; ctx->frame_offset -= cell_num_to_pop;
if ((*(ctx->frame_offset) > ctx->start_dynamic_offset) if (check_dynamic_offset_pop(ctx, cell_num_to_pop)
&& (*(ctx->frame_offset) > ctx->start_dynamic_offset)
&& (*(ctx->frame_offset) < ctx->max_dynamic_offset)) && (*(ctx->frame_offset) < ctx->max_dynamic_offset))
ctx->dynamic_offset -= cell_num_to_pop; ctx->dynamic_offset -= cell_num_to_pop;