gnh1201/wasm-micro-runtime
1
0
Fork 0
mirror of https://github.com/bytecodealliance/wasm-micro-runtime.git synced 2025-10-31 13:17:31 +00:00
Code Issues Actions 10 Packages Projects Releases Wiki Activity

Fix possible integer overflow in loader target block check (#3133)

Browse Source 
Checking with `loader_ctx->csp_num < depth + 1` has potential integer overflow
issue when depth is UINT_MAX, change to `loader_ctx->csp_num - 1 < depth`
instead.

Reported in https://github.com/bytecodealliance/wasm-micro-runtime/issues/3130.
This commit is contained in:
Wenyong Huang 2024-02-05 16:00:58 +08:00 committed by GitHub
parent 1a676f212b
commit b8ff98c810
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
core/iwasm/interpreter/wasm_loader.c
View File

@ -7071,7 +7071,8 @@ wasm_loader_check_br(WASMLoaderContext *loader_ctx, uint32 depth,
int32 i, available_stack_cell;
uint16 cell_num;
if (loader_ctx->csp_num < depth + 1) {
bh_assert(loader_ctx->csp_num > 0);
if (loader_ctx->csp_num - 1 < depth) {
set_error_buf(error_buf, error_buf_size,
"unknown label, "
"unexpected end of section or function");

3
core/iwasm/interpreter/wasm_mini_loader.c
View File

@ -5226,7 +5226,8 @@ wasm_loader_check_br(WASMLoaderContext *loader_ctx, uint32 depth,
int32 i, available_stack_cell;
uint16 cell_num;
if (loader_ctx->csp_num < depth + 1) {
bh_assert(loader_ctx->csp_num > 0);
if (loader_ctx->csp_num - 1 < depth) {
set_error_buf(error_buf, error_buf_size,
"unknown label, "
"unexpected end of section or function");