gnh1201/wasm-micro-runtime
1
0
Fork 0
mirror of https://github.com/bytecodealliance/wasm-micro-runtime.git synced 2025-05-08 20:56:13 +00:00
Code Issues Actions 9 Packages Projects Releases Wiki Activity

Fix some issues reported by CodeQL (#3064)

Browse Source 
Refer to https://github.com/bytecodealliance/wasm-micro-runtime/pull/2812
and https://github.com/bytecodealliance/wasm-micro-runtime/security/code-scanning?query=pr%3A2812+is%3Aopen
This commit is contained in:
Wenyong Huang 2024-01-23 21:38:30 +08:00 committed by GitHub
parent ab97d543e0
commit 9f64340529
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
9 changed files with 20 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
core/iwasm/aot/aot_loader.c
View File

@ -3134,8 +3134,7 @@ resolve_execute_mode(const uint8 *buf, uint32 size, bool *p_mode,
p += 8; p += 8;
while (p < p_end) { while (p < p_end) {
read_uint32(p, p_end, section_type); read_uint32(p, p_end, section_type);
if (section_type <= AOT_SECTION_TYPE_SIGANATURE if (section_type <= AOT_SECTION_TYPE_SIGANATURE) {
|| section_type == AOT_SECTION_TYPE_TARGET_INFO) {
read_uint32(p, p_end, section_size); read_uint32(p, p_end, section_size);
CHECK_BUF(p, p_end, section_size); CHECK_BUF(p, p_end, section_size);
if (section_type == AOT_SECTION_TYPE_TARGET_INFO) { if (section_type == AOT_SECTION_TYPE_TARGET_INFO) {
@ -3150,7 +3149,7 @@ resolve_execute_mode(const uint8 *buf, uint32 size, bool *p_mode,
break; break;
} }
} }
else if (section_type > AOT_SECTION_TYPE_SIGANATURE) { else { /* section_type > AOT_SECTION_TYPE_SIGANATURE */
set_error_buf(error_buf, error_buf_size, set_error_buf(error_buf, error_buf_size,
"resolve execute mode failed"); "resolve execute mode failed");
break; break;

8
core/iwasm/common/wasm_c_api.c
View File

@ -2294,7 +2294,7 @@ wasm_module_new(wasm_store_t *store, const wasm_byte_vec_t *binary)
(uint8 *)module_ex->binary->data, (uint32)module_ex->binary->size, (uint8 *)module_ex->binary->data, (uint32)module_ex->binary->size,
error_buf, (uint32)sizeof(error_buf)); error_buf, (uint32)sizeof(error_buf));
if (!(module_ex->module_comm_rt)) { if (!(module_ex->module_comm_rt)) {
LOG_ERROR(error_buf); LOG_ERROR("%s", error_buf);
goto free_vec; goto free_vec;
} }
@ -2367,7 +2367,7 @@ wasm_module_validate(wasm_store_t *store, const wasm_byte_vec_t *binary)
} }
else { else {
ret = false; ret = false;
LOG_VERBOSE(error_buf); LOG_VERBOSE("%s", error_buf);
} }
return ret; return ret;
@ -3359,7 +3359,7 @@ wasm_func_call(const wasm_func_t *func, const wasm_val_vec_t *params,
wasm_runtime_set_exception(func->inst_comm_rt, NULL); wasm_runtime_set_exception(func->inst_comm_rt, NULL);
if (!wasm_runtime_call_wasm(exec_env, func_comm_rt, argc, argv)) { if (!wasm_runtime_call_wasm(exec_env, func_comm_rt, argc, argv)) {
if (wasm_runtime_get_exception(func->inst_comm_rt)) { if (wasm_runtime_get_exception(func->inst_comm_rt)) {
LOG_DEBUG(wasm_runtime_get_exception(func->inst_comm_rt)); LOG_DEBUG("%s", wasm_runtime_get_exception(func->inst_comm_rt));
goto failed; goto failed;
} }
} }
@ -5044,7 +5044,7 @@ failed:
*trap = wasm_trap_new(store, &message); *trap = wasm_trap_new(store, &message);
wasm_byte_vec_delete(&message); wasm_byte_vec_delete(&message);
} }
LOG_DEBUG(error_buf); LOG_DEBUG("%s", error_buf);
wasm_instance_delete_internal(instance); wasm_instance_delete_internal(instance);
return NULL; return NULL;
} }

2
core/iwasm/common/wasm_native.c
View File

@ -194,7 +194,7 @@ wasm_native_resolve_symbol(const char *module_name, const char *field_name,
{ {
NativeSymbolsNode *node, *node_next; NativeSymbolsNode *node, *node_next;
const char *signature = NULL; const char *signature = NULL;
void *func_ptr = NULL, *attachment; void *func_ptr = NULL, *attachment = NULL;
node = g_native_symbols_list; node = g_native_symbols_list;
while (node) { while (node) {

3
core/iwasm/common/wasm_runtime_common.c
View File

@ -2905,7 +2905,8 @@ copy_string_array(const char *array[], uint32 array_size, char **buf_ptr,
/* We add +1 to generate null-terminated array of strings */ /* We add +1 to generate null-terminated array of strings */
total_size = sizeof(char *) * ((uint64)array_size + 1); total_size = sizeof(char *) * ((uint64)array_size + 1);
if (total_size >= UINT32_MAX if (total_size >= UINT32_MAX
|| (total_size > 0 && !(list = wasm_runtime_malloc((uint32)total_size))) /* total_size must be larger than 0, don' check it again */
|| !(list = wasm_runtime_malloc((uint32)total_size))
|| buf_size >= UINT32_MAX || buf_size >= UINT32_MAX
|| (buf_size > 0 && !(buf = wasm_runtime_malloc((uint32)buf_size)))) { || (buf_size > 0 && !(buf = wasm_runtime_malloc((uint32)buf_size)))) {

6
core/iwasm/interpreter/wasm_loader.c
View File

@ -327,7 +327,7 @@ check_utf8_str(const uint8 *str, uint32 len)
return false; return false;
} }
} }
else if (chr >= 0xE1 && chr <= 0xEF) { else { /* chr >= 0xE1 && chr <= 0xEF */
if (p[1] < 0x80 || p[1] > 0xBF || p[2] < 0x80 || p[2] > 0xBF) { if (p[1] < 0x80 || p[1] > 0xBF || p[2] < 0x80 || p[2] > 0xBF) {
return false; return false;
} }
@ -341,13 +341,13 @@ check_utf8_str(const uint8 *str, uint32 len)
return false; return false;
} }
} }
else if (chr >= 0xF1 && chr <= 0xF3) { else if (chr <= 0xF3) { /* and also chr >= 0xF1 */
if (p[1] < 0x80 || p[1] > 0xBF || p[2] < 0x80 || p[2] > 0xBF if (p[1] < 0x80 || p[1] > 0xBF || p[2] < 0x80 || p[2] > 0xBF
|| p[3] < 0x80 || p[3] > 0xBF) { || p[3] < 0x80 || p[3] > 0xBF) {
return false; return false;
} }
} }
else if (chr == 0xF4) { else { /* chr == 0xF4 */
if (p[1] < 0x80 || p[1] > 0x8F || p[2] < 0x80 || p[2] > 0xBF if (p[1] < 0x80 || p[1] > 0x8F || p[2] < 0x80 || p[2] > 0xBF
|| p[3] < 0x80 || p[3] > 0xBF) { || p[3] < 0x80 || p[3] > 0xBF) {
return false; return false;

3
core/iwasm/libraries/libc-wasi/libc_wasi_wrapper.c
View File

@ -2013,7 +2013,8 @@ copy_buffer_to_iovec_app(wasm_module_inst_t module_inst, uint8 *buf_begin,
} }
if (buf >= buf_begin + buf_size if (buf >= buf_begin + buf_size
|| buf + data->buf_len < buf /* integer overflow */ /* integer overflow */
|| data->buf_len > UINTPTR_MAX - (uintptr_t)buf
|| buf + data->buf_len > buf_begin + buf_size || buf + data->buf_len > buf_begin + buf_size
|| size_to_copy == 0) { || size_to_copy == 0) {
break; break;

2
core/iwasm/libraries/thread-mgr/thread_manager.c
View File

@ -787,7 +787,7 @@ wasm_cluster_dup_c_api_imports(WASMModuleInstanceCommon *module_inst_dst,
{ {
/* workaround about passing instantiate-linking information */ /* workaround about passing instantiate-linking information */
CApiFuncImport **new_c_api_func_imports = NULL; CApiFuncImport **new_c_api_func_imports = NULL;
CApiFuncImport *c_api_func_imports; CApiFuncImport *c_api_func_imports = NULL;
uint32 import_func_count = 0; uint32 import_func_count = 0;
uint32 size_in_bytes = 0; uint32 size_in_bytes = 0;

4
core/shared/platform/common/posix/posix_socket.c
View File

@ -884,7 +884,7 @@ os_socket_set_ip_ttl(bh_socket_t socket, uint8_t ttl_s)
int int
os_socket_get_ip_ttl(bh_socket_t socket, uint8_t *ttl_s) os_socket_get_ip_ttl(bh_socket_t socket, uint8_t *ttl_s)
{ {
socklen_t opt_len = sizeof(ttl_s); socklen_t opt_len = sizeof(*ttl_s);
if (getsockopt(socket, IPPROTO_IP, IP_TTL, ttl_s, &opt_len) != 0) { if (getsockopt(socket, IPPROTO_IP, IP_TTL, ttl_s, &opt_len) != 0) {
return BHT_ERROR; return BHT_ERROR;
} }
@ -906,7 +906,7 @@ os_socket_set_ip_multicast_ttl(bh_socket_t socket, uint8_t ttl_s)
int int
os_socket_get_ip_multicast_ttl(bh_socket_t socket, uint8_t *ttl_s) os_socket_get_ip_multicast_ttl(bh_socket_t socket, uint8_t *ttl_s)
{ {
socklen_t opt_len = sizeof(ttl_s); socklen_t opt_len = sizeof(*ttl_s);
if (getsockopt(socket, IPPROTO_IP, IP_MULTICAST_TTL, ttl_s, &opt_len) if (getsockopt(socket, IPPROTO_IP, IP_MULTICAST_TTL, ttl_s, &opt_len)
!= 0) { != 0) {
return BHT_ERROR; return BHT_ERROR;

4
core/shared/utils/bh_hashmap.c
View File

@ -51,7 +51,9 @@ bh_hash_map_create(uint32 size, bool use_lock, HashFunc hash_func,
+ sizeof(HashMapElem *) * (uint64)size + sizeof(HashMapElem *) * (uint64)size
+ (use_lock ? sizeof(korp_mutex) : 0); + (use_lock ? sizeof(korp_mutex) : 0);
if (total_size >= UINT32_MAX || !(map = BH_MALLOC((uint32)total_size))) { /* size <= HASH_MAP_MAX_SIZE, so total_size won't be larger than
UINT32_MAX, no need to check integer overflow */
if (!(map = BH_MALLOC((uint32)total_size))) {
LOG_ERROR("HashMap create failed: alloc memory failed.\n"); LOG_ERROR("HashMap create failed: alloc memory failed.\n");
return NULL; return NULL;
} }