gnh1201/wasm-micro-runtime
1
0
Fork 0
mirror of https://github.com/bytecodealliance/wasm-micro-runtime.git synced 2026-04-18 18:18:44 +00:00
Code Issues Actions 18 Packages Projects Releases Wiki Activity

fix: use copy of input for wasm_runtime_load to fix overwrites-const-input in fuzz (#4869)

Browse Source 
Signed-off-by: zhenweijin <zhenwei.jin@intel.com>
This commit is contained in:
Zhenwei Jin 2026-03-16 16:25:00 +08:00 committed by GitHub
parent 26aa924acd
commit db246776ec
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
tests/fuzz/wasm-mutator-fuzz/aot-compiler/aot_compiler_fuzz.cc
View File

@ -39,10 +39,12 @@ LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
wasm_module_t aot_module = NULL;
wasm_module_inst_t inst = NULL;
/* libfuzzer don't allow to modify the given Data, but get_package_type and
* wasm_runtime_load only read the data, so we can safely use const_cast */
/* wasm_runtime_load may modify the input buffer in-place,
* so we must work on a copy to avoid overwriting libFuzzer's const input */
std::vector<uint8_t> data_copy(Data, Data + Size);
if (Size >= 4
&& get_package_type(const_cast<uint8_t *>(Data), Size)
&& get_package_type(data_copy.data(), Size)
!= Wasm_Module_Bytecode) {
printf("Invalid wasm file: magic header not detected\n");
return 0;
@ -50,7 +52,7 @@ LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
wasm_runtime_init();
module = wasm_runtime_load(const_cast<uint8_t *>(Data), Size, error_buf,
module = wasm_runtime_load(data_copy.data(), Size, error_buf,
MAX_ERROR_BUF_SIZE);
if (!module) {
std::cout << "[LOADING] " << error_buf << std::endl;

8
tests/fuzz/wasm-mutator-fuzz/wasm-mutator/wasm_mutator_fuzz.cc
View File

@ -15,13 +15,15 @@ using namespace std;
extern "C" int
LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
/* libfuzzer don't allow us to modify the given Data, but wasm_runtime_load
* only reads the data, so we can safely use const_cast */
/* wasm_runtime_load may modify the input buffer in-place,
* so we must work on a copy to avoid overwriting libFuzzer's const input */
std::vector<uint8_t> data_copy(Data, Data + Size);
/* init runtime environment */
wasm_runtime_init();
char error_buf[ERROR_BUF_SIZE] = { 0 };
wasm_module_t module = wasm_runtime_load(const_cast<uint8_t *>(Data), Size,
wasm_module_t module = wasm_runtime_load(data_copy.data(), Size,
error_buf, MAX_ERROR_BUF_SIZE);
if (!module) {
std::cout << "[LOADING] " << error_buf << std::endl;