From 622cdbefd607324c6e1b04bf991523a6601714f1 Mon Sep 17 00:00:00 2001
From: Martin Klang <102801444+MartinKlang@users.noreply.github.com>
Date: Sat, 14 Jan 2023 00:52:39 +0100
Subject: [PATCH] Prevent undefined behavior from c_api_func_imports == NULL (#1883)

The module instance's c_api_func_imports may be NULL under some circumstances, add checks before accessing it.
---
 core/iwasm/aot/aot_runtime.c | 7 +++++--
 core/iwasm/interpreter/wasm_interp_classic.c | 2 +-
 core/iwasm/interpreter/wasm_interp_fast.c | 2 +-
 core/iwasm/interpreter/wasm_runtime.c | 10 ++++++++--
 4 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/core/iwasm/aot/aot_runtime.c b/core/iwasm/aot/aot_runtime.c
index 8f79d46ab..9d4d763b5 100644
--- a/core/iwasm/aot/aot_runtime.c
+++ b/core/iwasm/aot/aot_runtime.c
@@ -1787,7 +1787,9 @@ aot_invoke_native(WASMExecEnv *exec_env, uint32 func_idx, uint32 argc,
 AOTModuleInstanceExtra *module_inst_extra =
 (AOTModuleInstanceExtra *)module_inst->e;
 CApiFuncImport *c_api_func_import =
- module_inst_extra->c_api_func_imports + func_idx;
+ module_inst_extra->c_api_func_imports
+ ? module_inst_extra->c_api_func_imports + func_idx
+ : NULL;
 uint32 *func_type_indexes = module_inst->func_type_indexes;
 uint32 func_type_idx = func_type_indexes[func_idx];
 AOTFuncType *func_type = aot_module->func_types[func_type_idx];
@@ -1803,7 +1805,8 @@ aot_invoke_native(WASMExecEnv *exec_env, uint32 func_idx, uint32 argc,
 import_func = aot_module->import_funcs + func_idx;
 if (import_func->call_conv_wasm_c_api)
- func_ptr = c_api_func_import->func_ptr_linked;
+ func_ptr =
+ c_api_func_import ? c_api_func_import->func_ptr_linked : NULL;
 if (!func_ptr) {
 snprintf(buf, sizeof(buf),
diff --git a/core/iwasm/interpreter/wasm_interp_classic.c b/core/iwasm/interpreter/wasm_interp_classic.c
index fa542b14e..46c5ff444 100644
--- a/core/iwasm/interpreter/wasm_interp_classic.c
+++ b/core/iwasm/interpreter/wasm_interp_classic.c
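Review bot: The initializer of `c_api_func_import` in the first aot_runtime.c hunk now deliberately yields NULL when `module_inst_extra->c_api_func_imports` is unset, but nothing at the site says why the table can be absent or that the NULL is what makes the later `!func_ptr` error path fire instead of a dereference; that reasoning lives only in the commit message and a later cleanup could fold it back into plain pointer arithmetic. I would put a one-line comment above the declaration, `/* c_api_func_imports may be NULL (#1883): keep the import NULL so the !func_ptr check below reports it */`, and the same comment belongs at the three other sites changed by this patch. aot_invoke_native starts before the hunk and continues past it, so the initial value of `func_ptr` and the text of the error message are not visible here.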
@@ -891,7 +891,7 @@ wasm_interp_call_func_native(WASMModuleInstance *module_inst,
 if (!func_import->call_conv_wasm_c_api) {
 native_func_pointer = module_inst->import_func_ptrs[cur_func_index];
 }
- else {
+ else if (module_inst->e->c_api_func_imports) {
 c_api_func_import = module_inst->e->c_api_func_imports + cur_func_index;
 native_func_pointer = c_api_func_import->func_ptr_linked;
 }
diff --git a/core/iwasm/interpreter/wasm_interp_fast.c b/core/iwasm/interpreter/wasm_interp_fast.c
index 3109b0c82..0ea920f23 100644
--- a/core/iwasm/interpreter/wasm_interp_fast.c
+++ b/core/iwasm/interpreter/wasm_interp_fast.c
@@ -925,7 +925,7 @@ wasm_interp_call_func_native(WASMModuleInstance *module_inst,
 if (!func_import->call_conv_wasm_c_api) {
 native_func_pointer = module_inst->import_func_ptrs[cur_func_index];
 }
- else {
+ else if (module_inst->e->c_api_func_imports) {
 c_api_func_import = module_inst->e->c_api_func_imports + cur_func_index;
 native_func_pointer = c_api_func_import->func_ptr_linked;
 }
diff --git a/core/iwasm/interpreter/wasm_runtime.c b/core/iwasm/interpreter/wasm_runtime.c
index 6ef144967..cf363af4a 100644
--- a/core/iwasm/interpreter/wasm_runtime.c
+++ b/core/iwasm/interpreter/wasm_runtime.c
@@ -2908,8 +2908,14 @@ llvm_jit_invoke_native(WASMExecEnv *exec_env, uint32 func_idx, uint32 argc,
 import_func = &module->import_functions[func_idx].u.function;
 if (import_func->call_conv_wasm_c_api) {
- c_api_func_import = module_inst->e->c_api_func_imports + func_idx;
- func_ptr = c_api_func_import->func_ptr_linked;
+ if (module_inst->e->c_api_func_imports) {
+ c_api_func_import = module_inst->e->c_api_func_imports + func_idx;
+ func_ptr = c_api_func_import->func_ptr_linked;
+ }
+ else {
+ c_api_func_import = NULL;
+ func_ptr = NULL;
+ }
 }
 if (!func_ptr) {
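Review bot: The new `else if (module_inst->e->c_api_func_imports)` in wasm_interp_call_func_native skips both assignments when the table is NULL, so `native_func_pointer` and `c_api_func_import` keep whatever value they had before the hunk; the safety of the change therefore rests on both being initialised to NULL at their declarations and on a `!native_func_pointer` check that I assume follows, none of which is visible here (the function starts and ends outside the hunk). The wasm_runtime.c hunk in this same patch makes the failure explicit with an `else` branch that nulls both pointers, and doing the same here removes the dependence on the declarations and keeps the sites consistent: `else { c_api_func_import = NULL; native_func_pointer = NULL; }`. The identical hunk in wasm_interp_fast.c has the same gap and would take the same two lines.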
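Review bot: The nested `if (module_inst->e->c_api_func_imports)` / `else` inside the `call_conv_wasm_c_api` branch of llvm_jit_invoke_native is the third different shape the same NULL-table check takes in this patch, after the ternary in aot_runtime.c and the `else if` in the two interpreters, which makes the condition harder to audit as one thing. The shape used here is the clearest of the three because it states the failure outcome explicitly (`c_api_func_import = NULL; func_ptr = NULL;`), so I would adopt it at the other sites rather than change this one. A comment on the `else`, `/* no c_api import table: treat as an unlinked import and let the !func_ptr check report it */`, would record the intent; llvm_jit_invoke_native continues past the hunk, so the error reporting itself is not visible here.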