From ea417d7619db70ee79856d486e0b3cc3406155f9 Mon Sep 17 00:00:00 2001 From: "liang.he" Date: Wed, 7 May 2025 09:45:49 +0800 Subject: [PATCH] Add overflow check for preserved local offset in preserve_referenced_local (#4211) --- core/iwasm/interpreter/wasm_loader.c | 9 +++++++++ core/iwasm/interpreter/wasm_mini_loader.c | 5 +++++ 2 files changed, 14 insertions(+) diff --git a/core/iwasm/interpreter/wasm_loader.c b/core/iwasm/interpreter/wasm_loader.c index fc68e5966..ef4020a36 100644 --- a/core/iwasm/interpreter/wasm_loader.c +++ b/core/iwasm/interpreter/wasm_loader.c @@ -9197,6 +9197,15 @@ preserve_referenced_local(WASMLoaderContext *loader_ctx, uint8 opcode, loader_ctx->preserved_local_offset += 2; emit_label(EXT_OP_COPY_STACK_TOP_I64); } + + /* overflow */ + if (preserved_offset > loader_ctx->preserved_local_offset) { + set_error_buf_v(error_buf, error_buf_size, + "too much local cells 0x%x", + loader_ctx->preserved_local_offset); + return false; + } + emit_operand(loader_ctx, local_index); emit_operand(loader_ctx, preserved_offset); emit_label(opcode); diff --git a/core/iwasm/interpreter/wasm_mini_loader.c b/core/iwasm/interpreter/wasm_mini_loader.c index af9ea5046..23fb76370 100644 --- a/core/iwasm/interpreter/wasm_mini_loader.c +++ b/core/iwasm/interpreter/wasm_mini_loader.c @@ -4778,6 +4778,11 @@ preserve_referenced_local(WASMLoaderContext *loader_ctx, uint8 opcode, loader_ctx->preserved_local_offset += 2; emit_label(EXT_OP_COPY_STACK_TOP_I64); } + + /* overflow */ + bh_assert(preserved_offset + <= loader_ctx->preserved_local_offset); + emit_operand(loader_ctx, local_index); emit_operand(loader_ctx, preserved_offset); emit_label(opcode);