From e360b7a919247d2ab4d0363e1edf53bd8c073210 Mon Sep 17 00:00:00 2001
From: YAMAMOTO Takashi
Date: Mon, 14 Aug 2023 18:27:14 +0900
Subject: [PATCH] wasm_instantiate: Fix a potential integer overflow issue (#2459)
Fixes: https://github.com/bytecodealliance/wasm-micro-runtime/issues/2450
---
 core/iwasm/interpreter/wasm_runtime.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/core/iwasm/interpreter/wasm_runtime.c b/core/iwasm/interpreter/wasm_runtime.c
index 63df4cb37..2b88c398f 100644
--- a/core/iwasm/interpreter/wasm_runtime.c
+++ b/core/iwasm/interpreter/wasm_runtime.c
@@ -1839,7 +1839,7 @@ wasm_instantiate(WASMModule *module, WASMModuleInstance *parent,
 for (i = 0; i < module->data_seg_count; i++) {
 WASMMemoryInstance *memory = NULL;
 uint8 *memory_data = NULL;
- uint32 memory_size = 0;
+ uint64 memory_size = 0;
 WASMDataSeg *data_seg = module->data_segments[i];
 #if WASM_ENABLE_BULK_MEMORY != 0
@@ -1852,7 +1852,8 @@ wasm_instantiate(WASMModule *module, WASMModuleInstance *parent,
 bh_assert(memory);
 memory_data = memory->memory_data;
- memory_size = memory->num_bytes_per_page * memory->cur_page_count;
+ memory_size =
+ (uint64)memory->num_bytes_per_page * memory->cur_page_count;
 bh_assert(memory_data || memory_size == 0);
 bh_assert(data_seg->base_offset.init_expr_type
@@ -1898,7 +1899,7 @@ wasm_instantiate(WASMModule *module, WASMModuleInstance *parent,
 /* check offset + length(could be zero) */
 length = data_seg->data_length;
- if (base_offset + length > memory_size) {
+ if ((uint64)base_offset + length > memory_size) {
 LOG_DEBUG("base_offset(%d) + length(%d) > memory_size(%d)", base_offset, length, memory_size);
 #if WASM_ENABLE_REF_TYPES != 0
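Review bot: In the first hunk `memory_size` is widened to `uint64` with no comment saying why, and every later use of it in this loop body, most of which lies outside the visible hunks, now receives a 64-bit value. A short comment on the declaration would stop a later cleanup from narrowing it back, for example `/* 64-bit: bytes-per-page times page count may not fit in 32 bits */`. If any later call passes `memory_size`, or a value derived from it, to a parameter declared as a 32-bit size, the value would be truncated implicitly and a bounds argument could end up smaller than intended; those call sites are not shown here and are worth checking. The enclosing `wasm_instantiate` starts and ends outside the hunk.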
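Review bot: In the last hunk the unchanged `LOG_DEBUG` call still prints `memory_size` with `%d`, although the first hunk turned that variable into a `uint64`. If `LOG_DEBUG` forwards to a printf-style function, which its format string suggests, the argument no longer matches its conversion specifier; that is undefined behaviour in a variadic call, and it sits on the very path that reports an out-of-bounds data segment. Use a 64-bit specifier for that argument, e.g. `"base_offset(%d) + length(%d) > memory_size(%" PRIu64 ")"`, provided `PRIu64` is in scope in this file. Any other log line in the loop that prints `memory_size` would need the same change. The `if` block continues past the end of the hunk.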