diff --git a/.github/workflows/build_iwasm_release.yml b/.github/workflows/build_iwasm_release.yml index 6acd90fa6..4f9cac89c 100644 --- a/.github/workflows/build_iwasm_release.yml +++ b/.github/workflows/build_iwasm_release.yml @@ -127,7 +127,7 @@ jobs: working-directory: ${{ inputs.cwd }} - name: Compress the binary on Windows - if: inputs.runner == 'windows-latest' + if: inputs.runner == 'windows-2022' run: | tar -czf iwasm${{ matrix.suffix }}-${{ inputs.ver_num }}-${{ inputs.runner }}.tar.gz iwasm.exe Compress-Archive -Path iwasm.exe -DestinationPath iwasm${{ matrix.suffix }}-${{ inputs.ver_num }}-${{ inputs.runner }}.zip @@ -135,7 +135,7 @@ jobs: working-directory: ${{ inputs.cwd }}/build/Release - name: compress the binary on non-Windows - if: inputs.runner != 'windows-latest' + if: inputs.runner != 'windows-2022' run: | # Follow the symlink to the actual binary file tar --dereference -czf iwasm${{ matrix.suffix }}-${{ inputs.ver_num }}-${{ inputs.runner }}.tar.gz iwasm diff --git a/.github/workflows/build_llvm_libraries.yml b/.github/workflows/build_llvm_libraries.yml index 97e665c0b..e7ab6eff2 100644 --- a/.github/workflows/build_llvm_libraries.yml +++ b/.github/workflows/build_llvm_libraries.yml @@ -118,11 +118,11 @@ jobs: key: 0-ccache-${{ inputs.os }}-${{ steps.get_last_commit.outputs.last_commit }} restore-keys: | 0-ccache-${{ inputs.os }} - if: steps.retrieve_llvm_libs.outputs.cache-hit != 'true' && inputs.os == 'windows-latest' + if: steps.retrieve_llvm_libs.outputs.cache-hit != 'true' && inputs.os == 'windows-2022' # Install tools on Windows - run: choco install -y ccache ninja - if: steps.retrieve_llvm_libs.outputs.cache-hit != 'true' && inputs.os == 'windows-latest' + if: steps.retrieve_llvm_libs.outputs.cache-hit != 'true' && inputs.os == 'windows-2022' - name: Build LLVM libraries if: steps.retrieve_llvm_libs.outputs.cache-hit != 'true' diff --git a/.github/workflows/build_wamrc.yml b/.github/workflows/build_wamrc.yml index 07e3c7cdb..3502e16c6 100644 --- a/.github/workflows/build_wamrc.yml +++ b/.github/workflows/build_wamrc.yml @@ -63,7 +63,7 @@ jobs: working-directory: wamr-compiler - name: Compress the binary on Windows - if: inputs.runner == 'windows-latest' && inputs.release + if: inputs.runner == 'windows-2022' && inputs.release run: | tar -czf wamrc-${{ inputs.ver_num }}-${{ inputs.runner }}.tar.gz wamrc.exe Compress-Archive -Path wamrc.exe -DestinationPath wamrc-${{ inputs.ver_num }}-${{ inputs.runner }}.zip @@ -71,7 +71,7 @@ jobs: working-directory: wamr-compiler/build/Release - name: compress the binary on non-Windows - if: inputs.runner != 'windows-latest' && inputs.release + if: inputs.runner != 'windows-2022' && inputs.release run: | # Follow the symlink to the actual binary file tar --dereference -czf wamrc-${{ inputs.ver_num }}-${{ inputs.runner }}.tar.gz wamrc diff --git a/.github/workflows/compilation_on_windows.yml b/.github/workflows/compilation_on_windows.yml index 7cee2aa40..d3c717d8c 100644 --- a/.github/workflows/compilation_on_windows.yml +++ b/.github/workflows/compilation_on_windows.yml @@ -1,7 +1,7 @@ # Copyright (C) 2019 Intel Corporation. All rights reserved. # SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception -name: compilation on windows-latest +name: compilation on windows-2022 on: # will be triggered on PR events @@ -63,11 +63,11 @@ jobs: actions: write uses: ./.github/workflows/build_llvm_libraries.yml with: - os: "windows-latest" + os: "windows-2022" arch: "AArch64 ARM Mips RISCV X86" build_iwasm: - runs-on: windows-latest + runs-on: windows-2022 strategy: matrix: build_options: @@ -105,7 +105,7 @@ jobs: strategy: matrix: include: - - os: windows-latest + - os: windows-2022 llvm_cache_key: ${{ needs.build_llvm_libraries_on_windows.outputs.cache_key }} steps: - name: checkout @@ -136,7 +136,7 @@ jobs: working-directory: wamr-compiler test: - runs-on: windows-latest + runs-on: windows-2022 needs: [build_iwasm, build_wamrc] strategy: fail-fast: false diff --git a/.github/workflows/release_process.yml b/.github/workflows/release_process.yml index bb99681dc..3d659143d 100644 --- a/.github/workflows/release_process.yml +++ b/.github/workflows/release_process.yml @@ -85,7 +85,7 @@ jobs: needs: [create_tag, create_release] uses: ./.github/workflows/build_llvm_libraries.yml with: - os: "windows-latest" + os: "windows-2022" arch: "AArch64 ARM Mips RISCV X86" # @@ -122,7 +122,7 @@ jobs: with: llvm_cache_key: ${{ needs.build_llvm_libraries_on_windows.outputs.cache_key }} release: true - runner: windows-latest + runner: windows-2022 upload_url: ${{ needs.create_release.outputs.upload_url }} ver_num: ${{ needs.create_tag.outputs.new_ver }} @@ -160,7 +160,7 @@ jobs: with: cwd: product-mini/platforms/windows llvm_cache_key: ${{ needs.build_llvm_libraries_on_windows.outputs.cache_key }} - runner: windows-latest + runner: windows-2022 upload_url: ${{ needs.create_release.outputs.upload_url }} ver_num: ${{ needs.create_tag.outputs.new_ver}} diff --git a/core/iwasm/libraries/libc-wasi/libc_wasi_wrapper.c b/core/iwasm/libraries/libc-wasi/libc_wasi_wrapper.c index f7dfea0b5..510004274 100644 --- a/core/iwasm/libraries/libc-wasi/libc_wasi_wrapper.c +++ b/core/iwasm/libraries/libc-wasi/libc_wasi_wrapper.c @@ -1161,6 +1161,9 @@ wasi_sock_accept(wasm_exec_env_t exec_env, wasi_fd_t fd, wasi_fdflags_t flags, if (!wasi_ctx) return __WASI_EACCES; + if (!validate_native_addr(fd_new, sizeof(*fd_new))) + return __WASI_EINVAL; + curfds = wasi_ctx_get_curfds(wasi_ctx); return wasi_ssp_sock_accept(exec_env, curfds, fd, flags, fd_new); @@ -1219,6 +1222,19 @@ wasi_sock_addr_resolve(wasm_exec_env_t exec_env, const char *host, if (!wasi_ctx) return __WASI_EACCES; + if (!validate_native_addr(hints, sizeof(*hints))) + return __WASI_EINVAL; + + uint64_t addr_info_byte_size = sizeof(*addr_info) * addr_info_size; + if (addr_info_byte_size / addr_info_size != sizeof(*addr_info)) + return __WASI_EINVAL; + + if (!validate_native_addr(addr_info, addr_info_byte_size)) + return __WASI_EINVAL; + + if (!validate_native_addr(max_info_size, sizeof(*max_info_size))) + return __WASI_EINVAL; + curfds = wasi_ctx_get_curfds(wasi_ctx); ns_lookup_list = wasi_ctx_get_ns_lookup_list(wasi_ctx); @@ -1238,6 +1254,9 @@ wasi_sock_bind(wasm_exec_env_t exec_env, wasi_fd_t fd, wasi_addr_t *addr) if (!wasi_ctx) return __WASI_EACCES; + if (!validate_native_addr(addr, sizeof(*addr))) + return __WASI_EINVAL; + curfds = wasi_ctx_get_curfds(wasi_ctx); addr_pool = wasi_ctx_get_addr_pool(wasi_ctx); @@ -1264,6 +1283,9 @@ wasi_sock_connect(wasm_exec_env_t exec_env, wasi_fd_t fd, wasi_addr_t *addr) if (!wasi_ctx) return __WASI_EACCES; + if (!validate_native_addr(addr, sizeof(*addr))) + return __WASI_EINVAL; + curfds = wasi_ctx_get_curfds(wasi_ctx); addr_pool = wasi_ctx_get_addr_pool(wasi_ctx); @@ -1643,6 +1665,9 @@ wasi_sock_open(wasm_exec_env_t exec_env, wasi_fd_t poolfd, if (!wasi_ctx) return __WASI_EACCES; + if (!validate_native_addr(sockfd, sizeof(*sockfd))) + return __WASI_EINVAL; + curfds = wasi_ctx_get_curfds(wasi_ctx); return wasi_ssp_sock_open(exec_env, curfds, poolfd, af, socktype, sockfd); @@ -2082,6 +2107,10 @@ wasi_sock_recv_from(wasm_exec_env_t exec_env, wasi_fd_t sock, return __WASI_EINVAL; } + /* note: src_addr is NULL when called by wasi_sock_recv */ + if (src_addr != NULL && !validate_native_addr(src_addr, sizeof(*src_addr))) + return __WASI_EINVAL; + if (!validate_native_addr(ro_data_len, (uint64)sizeof(uint32))) return __WASI_EINVAL; @@ -2118,16 +2147,19 @@ wasi_sock_recv(wasm_exec_env_t exec_env, wasi_fd_t sock, iovec_app_t *ri_data, wasi_roflags_t *ro_flags) { wasm_module_inst_t module_inst = get_module_inst(exec_env); - __wasi_addr_t src_addr; wasi_errno_t error; + if (!validate_native_addr(ro_data_len, sizeof(*ro_data_len))) + return __WASI_EINVAL; + if (!validate_native_addr(ro_flags, (uint64)sizeof(wasi_roflags_t))) return __WASI_EINVAL; + // We call `recvfrom` with NULL source address as `recv` doesn't + // return the source address and this parameter is not used. + *ro_data_len = 0; error = wasi_sock_recv_from(exec_env, sock, ri_data, ri_data_len, ri_flags, - &src_addr, ro_data_len); - *ro_flags = ri_flags; - + NULL, ro_data_len); return error; } @@ -2228,6 +2260,9 @@ wasi_sock_send_to(wasm_exec_env_t exec_env, wasi_fd_t sock, return __WASI_EINVAL; } + if (!validate_native_addr((void *)dest_addr, sizeof(*dest_addr))) + return __WASI_EINVAL; + if (!validate_native_addr(so_data_len, (uint64)sizeof(uint32))) return __WASI_EINVAL; diff --git a/core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/src/posix.c b/core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/src/posix.c index bef4c19f3..b99ca92f0 100644 --- a/core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/src/posix.c +++ b/core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/src/posix.c @@ -2854,7 +2854,11 @@ wasmtime_ssp_sock_recv_from(wasm_exec_env_t exec_env, struct fd_table *curfds, return convert_errno(errno); } - bh_sockaddr_to_wasi_addr(&sockaddr, src_addr); + // If the source address is not NULL, we need to convert the sockaddr + // back to __wasi_addr_t format. + if (src_addr != NULL) { + bh_sockaddr_to_wasi_addr(&sockaddr, src_addr); + } *recv_len = (size_t)ret; return __WASI_ESUCCESS;