gnh1201/wasm-micro-runtime
1
0
Fork 0
mirror of https://github.com/bytecodealliance/wasm-micro-runtime.git synced 2025-02-06 15:05:19 +00:00
Code Issues Actions 9 Packages Projects Releases Wiki Activity

Fix two issues to make fuzzing test quit earlier (#3471)

Browse Source 
- Add a marco to limit the maxi allocable memory size of fuzz test to
  2GB to avoid libFuzzer out-of-memory
- Check global type in load_global_import and load_global_section
This commit is contained in:
liang.he 2024-05-30 14:55:21 +08:00 committed by GitHub
parent a2a8b32456
commit d29802c451
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 27 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
core/config.h
View File

@ -663,4 +663,17 @@
#define WASM_MEM_ALLOC_WITH_USAGE 0 #define WASM_MEM_ALLOC_WITH_USAGE 0
#endif #endif
#ifndef WASM_ENABLE_FUZZ_TEST
#define WASM_ENABLE_FUZZ_TEST 0
#endif
#ifndef WASM_MEM_ALLOC_MAX_SIZE
#if WASM_ENABLE_FUZZ_TEST != 0
/* In oss-fuzz, the maximum RAM is ~2.5G */
#define WASM_MEM_ALLOC_MAX_SIZE (2U * 1024 * 1024 * 1024)
#else
#define WASM_MEM_ALLOC_MAX_SIZE UINT32_MAX
#endif
#endif
#endif /* end of _CONFIG_H_ */ #endif /* end of _CONFIG_H_ */

13
core/iwasm/interpreter/wasm_loader.c
View File

@ -379,7 +379,8 @@ loader_malloc(uint64 size, char *error_buf, uint32 error_buf_size)
{ {
void *mem; void *mem;
if (size >= UINT32_MAX || !(mem = wasm_runtime_malloc((uint32)size))) { if (size >= WASM_MEM_ALLOC_MAX_SIZE
|| !(mem = wasm_runtime_malloc((uint32)size))) {
set_error_buf(error_buf, error_buf_size, "allocate memory failed"); set_error_buf(error_buf, error_buf_size, "allocate memory failed");
return NULL; return NULL;
} }
@ -3052,7 +3053,12 @@ load_global_import(const uint8 **p_buf, const uint8 *buf_end,
#if WASM_ENABLE_GC == 0 #if WASM_ENABLE_GC == 0
CHECK_BUF(p, p_end, 2); CHECK_BUF(p, p_end, 2);
/* global type */
declare_type = read_uint8(p); declare_type = read_uint8(p);
if (!is_value_type(declare_type)) {
set_error_buf(error_buf, error_buf_size, "type mismatch");
return false;
}
declare_mutable = read_uint8(p); declare_mutable = read_uint8(p);
#else #else
if (!resolve_value_type(&p, p_end, parent_module, parent_module->type_count, if (!resolve_value_type(&p, p_end, parent_module, parent_module->type_count,
@ -4034,7 +4040,12 @@ load_global_section(const uint8 *buf, const uint8 *buf_end, WASMModule *module,
for (i = 0; i < global_count; i++, global++) { for (i = 0; i < global_count; i++, global++) {
#if WASM_ENABLE_GC == 0 #if WASM_ENABLE_GC == 0
CHECK_BUF(p, p_end, 2); CHECK_BUF(p, p_end, 2);
/* global type */
global->type.val_type = read_uint8(p); global->type.val_type = read_uint8(p);
if (!is_value_type(global->type.val_type)) {
set_error_buf(error_buf, error_buf_size, "type mismatch");
return false;
}
mutable = read_uint8(p); mutable = read_uint8(p);
#else #else
if (!resolve_value_type(&p, p_end, module, module->type_count, if (!resolve_value_type(&p, p_end, module, module->type_count,

2
tests/fuzz/wasm-mutator-fuzz/CMakeLists.txt
View File

@ -113,7 +113,7 @@ message([ceith]:REPO_ROOT_DIR, ${REPO_ROOT_DIR})
set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS}") set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}") set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}")
add_definitions(-DWAMR_USE_MEM_POOL=0) add_definitions(-DWAMR_USE_MEM_POOL=0 -DWASM_ENABLE_FUZZ_TEST=1)
# Enable fuzzer # Enable fuzzer
add_compile_options(-fsanitize=fuzzer) add_compile_options(-fsanitize=fuzzer)

2
tests/fuzz/wasm-mutator-fuzz/workspace/CMakeLists.txt
View File

@ -113,7 +113,7 @@ message([ceith]:REPO_ROOT_DIR, ${REPO_ROOT_DIR})
set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS}") set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}") set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}")
add_definitions(-DWAMR_USE_MEM_POOL=0) add_definitions(-DWAMR_USE_MEM_POOL=0 -DWASM_ENABLE_FUZZ_TEST=1)
# Enable fuzzer # Enable fuzzer
add_compile_options(-fsanitize=fuzzer) add_compile_options(-fsanitize=fuzzer)