Add overflow check for preserved local offset in preserve_referenced_local (#4211)

liang.he 2025-05-07 09:45:49 +08:00 committed by GitHub
parent bb36a43fa4
commit ea417d7619
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 14 additions and 0 deletions


@ -9197,6 +9197,15 @@ preserve_referenced_local(WASMLoaderContext *loader_ctx, uint8 opcode,
loader_ctx->preserved_local_offset += 2;
emit_label(EXT_OP_COPY_STACK_TOP_I64);
}
/* overflow */
if (preserved_offset > loader_ctx->preserved_local_offset) {
set_error_buf_v(error_buf, error_buf_size,
"too much local cells 0x%x",
loader_ctx->preserved_local_offset);
return false;
}
emit_operand(loader_ctx, local_index);
emit_operand(loader_ctx, preserved_offset);
emit_label(opcode);
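Review bot: The new guard `if (preserved_offset > loader_ctx->preserved_local_offset)` can only fire after the `+= 2` above it has already wrapped, so it relies on the width and signedness of `preserved_local_offset`, which this hunk does not show. For the same reason the `0x%x` in the message prints the post-wrap value, which is likely to be sign-extended if the field is a narrow signed type, instead of the offset that could not be represented. Comparing the field against its type's maximum minus the cell count before each increment would state the bound explicitly and stop the counter from ever holding a wrapped value. If the after-the-fact check stays, the `/* overflow */` comment should say what it detects, for example `/* preserved_local_offset wrapped around after the increment above */`, and the message would read better as `"too many local cells 0x%x"`. The body of preserve_referenced_local starts and ends outside this hunk, so the declared type of `preserved_offset` could not be checked here.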


@ -4778,6 +4778,11 @@ preserve_referenced_local(WASMLoaderContext *loader_ctx, uint8 opcode,
loader_ctx->preserved_local_offset += 2;
emit_label(EXT_OP_COPY_STACK_TOP_I64);
}
/* overflow */
bh_assert(preserved_offset
<= loader_ctx->preserved_local_offset);
emit_operand(loader_ctx, local_index);
emit_operand(loader_ctx, preserved_offset);
emit_label(opcode);
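Review bot: `bh_assert(preserved_offset <= loader_ctx->preserved_local_offset)` covers only builds where assertions are active; if `bh_assert` expands to nothing in release configurations, a wrapped offset still reaches `emit_operand(loader_ctx, preserved_offset)` two lines later with no check at all. The other file changed in this commit rejects the same condition at run time with `return false;`, so the two loaders now behave differently on the same input. If this loader is meant to run only on modules that were validated elsewhere, a comment should say so next to the assert, for example `/* input is assumed pre-validated; wrap-around is a loader bug, not a module error */`. Otherwise a run-time guard such as `if (preserved_offset > loader_ctx->preserved_local_offset) return false;` would match the other file, provided the function has a failure return path, which this hunk does not show because the function starts and ends outside it.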