diff options
| author | Alon Zakai <azakai@google.com> | 2023-08-23 11:08:43 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-08-23 11:08:43 -0700 |
| commit | 1cd3cff4820222901eaa015fd2d7b0b4b5b7fc3e (patch) | |
| tree | d972bbacb9c50082cb56cdabb869a30444556a9c | |
| parent | 471c802a25106ca102180d3d1f13c5fcf6aecab9 (diff) | |
| download | binaryen-1cd3cff4820222901eaa015fd2d7b0b4b5b7fc3e.tar.gz binaryen-1cd3cff4820222901eaa015fd2d7b0b4b5b7fc3e.tar.bz2 binaryen-1cd3cff4820222901eaa015fd2d7b0b4b5b7fc3e.zip | |
wasm-ctor-eval: Limit memory to a reasonable amount (#5896)
In practice we don't need high addresses, and when they happen the current
implementation can OOM, so exit early on them instead.
Fixes #5893
| -rw-r--r-- | src/tools/wasm-ctor-eval.cpp | 11 | ||||
| -rw-r--r-- | test/lit/ctor-eval/high_memory.wast | 42 |
2 files changed, 53 insertions, 0 deletions
diff --git a/src/tools/wasm-ctor-eval.cpp b/src/tools/wasm-ctor-eval.cpp index a935475ff..1b60a9222 100644 --- a/src/tools/wasm-ctor-eval.cpp +++ b/src/tools/wasm-ctor-eval.cpp @@ -446,6 +446,14 @@ struct CtorEvalExternalInterface : EvallingModuleRunner::ExternalInterface { } private: + // We limit the size of memory to some reasonable amount. We handle memory in + // a linear/dense manner, so when we see a write to address X we allocate X + // memory to represent that, and so very high addresses can lead to OOM. In + // practice, ctor-eval should only run on low addresses anyhow, since static + // memory tends to be reasonably-sized and mallocs start at the start of the + // heap, so it's simpler to add an arbitrary limit here to avoid OOMs for now. + const size_t MaximumMemory = 100 * 1024 * 1024; + // TODO: handle unaligned too, see shell-interface template<typename T> T* getMemory(Address address, Name memoryName) { auto it = memories.find(memoryName); @@ -454,6 +462,9 @@ private: // resize the memory buffer as needed. auto max = address + sizeof(T); if (max > memory.size()) { + if (max > MaximumMemory) { + throw FailToEvalException("excessively high memory address accessed"); + } memory.resize(max); } return (T*)(&memory[address]); diff --git a/test/lit/ctor-eval/high_memory.wast b/test/lit/ctor-eval/high_memory.wast new file mode 100644 index 000000000..edcfe2446 --- /dev/null +++ b/test/lit/ctor-eval/high_memory.wast @@ -0,0 +1,42 @@ +;; NOTE: Assertions have been generated by update_lit_checks.py --all-items and should not be edited. +;; RUN: wasm-ctor-eval %s --ctors=test1,test2 --kept-exports=test1,test2 --quiet -all -S -o - | filecheck %s + +(module + ;; CHECK: (type $none_=>_none (func)) + + ;; CHECK: (memory $0 1616) + (memory $0 1616) ;; 101 MB + + (func "test1" + ;; This write will be evalled into a data segment and removed. + (i32.store8 + (i32.const 0x63fffff) ;; 100 MB - 1 + (i32.const 42) + ) + ) + + (func "test2" + ;; We stop at this write to a high address (wasm-ctor-eval generally only + ;; writes to low addresses, so it is tuned for that) + (i32.store8 + (i32.const 0x6400000) ;; 100 MB + (i32.const 43) + ) + ) +) +;; CHECK: (data $0 (i32.const 104857599) "*") + +;; CHECK: (export "test1" (func $0_2)) + +;; CHECK: (export "test2" (func $1)) + +;; CHECK: (func $1 (type $none_=>_none) +;; CHECK-NEXT: (i32.store8 +;; CHECK-NEXT: (i32.const 104857600) +;; CHECK-NEXT: (i32.const 43) +;; CHECK-NEXT: ) +;; CHECK-NEXT: ) + +;; CHECK: (func $0_2 (type $none_=>_none) +;; CHECK-NEXT: (nop) +;; CHECK-NEXT: ) |