gnh1201/wasm-micro-runtime
1
0
Fork 0
mirror of https://github.com/bytecodealliance/wasm-micro-runtime.git synced 2024-10-16 13:02:32 +00:00
Code Issues Actions 14 Packages Projects Releases Wiki Activity

Fixing use after free when dumping call stack (#2084)

Browse Source 
In multi-threading, this line will eventually call `wasm_cluster_wait_for_all_except_self`:
`DEINIT_VEC(store->instances, wasm_instance_vec_delete)`

As the threads are joining they can call `wasm_interp_dump_call_stack` which tries to
use the module frames but they were already freed by this line:
`DEINIT_VEC(store->modules, wasm_module_vec_delete)`

This PR swaps the order that these are deleted so module is deleted after the instances.

Co-authored-by: Andrew Chambers <ncham@amazon.com>
This commit is contained in:
Andy 2023-03-30 01:01:16 +00:00 committed by GitHub
parent b0736e2e88
commit 5aa22d41e9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/iwasm/common/wasm_c_api.c
View File

@ -687,8 +687,8 @@ wasm_store_delete(wasm_store_t *store)
return; return;
} }
DEINIT_VEC(store->modules, wasm_module_vec_delete);
DEINIT_VEC(store->instances, wasm_instance_vec_delete); DEINIT_VEC(store->instances, wasm_instance_vec_delete);
DEINIT_VEC(store->modules, wasm_module_vec_delete);
if (store->foreigns) { if (store->foreigns) {
bh_vector_destroy(store->foreigns); bh_vector_destroy(store->foreigns);
wasm_runtime_free(store->foreigns); wasm_runtime_free(store->foreigns);