gnh1201/wasm-micro-runtime
1
0
Fork 0
mirror of https://github.com/bytecodealliance/wasm-micro-runtime.git synced 2025-02-11 09:25:20 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Fix two fuzz issues (#3529)

Browse Source 
- #69598: protect from `0-1`
- #69608: in case no tailing `\0`
This commit is contained in:
liang.he 2024-06-14 15:42:21 +08:00 committed by GitHub
parent f844b33b2d
commit 6621793acc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
core/iwasm/aot/aot_loader.c
View File

@ -326,14 +326,18 @@ load_string(uint8 **p_buf, const uint8 *buf_end, AOTModule *module,
/* The string is always terminated with '\0', use it directly.
* In this case, the file buffer can be referred to after loading.
*/
bh_assert(p[str_len - 1] == '\0');
if (p[str_len - 1] != '\0')
goto fail;
str = (char *)p;
}
else {
/* Load from sections, the file buffer cannot be referred to
after loading, we must create another string and insert it
into const string set */
bh_assert(p[str_len - 1] == '\0');
if (p[str_len - 1] != '\0')
goto fail;
if (!(str = aot_const_str_set_insert((uint8 *)p, str_len, module,
#if (WASM_ENABLE_WORD_ALIGN_READ != 0)
is_vram_word_align,
@ -568,7 +572,7 @@ get_native_symbol_by_name(const char *name)
sym = get_target_symbol_map(&symnum);
while (symnum--) {
while (symnum && symnum--) {
if (strcmp(sym->symbol_name, name) == 0) {
func = sym->symbol_addr;
break;