diff options
| author | Alon Zakai <alonzakai@gmail.com> | 2019-01-16 11:15:05 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-01-16 11:15:05 -0800 |
| commit | cbb24eb4a0810640c9dcee2f6682c64f9bc6c512 (patch) | |
| tree | d9a35b452445045131e15697ae538aca7a9fec98 | |
| parent | d24427dcc8cd6e0dbcd8c302eb2e8a5d0d6fdead (diff) | |
| download | binaryen-cbb24eb4a0810640c9dcee2f6682c64f9bc6c512.tar.gz binaryen-cbb24eb4a0810640c9dcee2f6682c64f9bc6c512.tar.bz2 binaryen-cbb24eb4a0810640c9dcee2f6682c64f9bc6c512.zip | |
Misc minor ASAN fixes (#1869)
* handle end of input in skipWhitespace in s-parser. fixes #1863
* ignore debug locations when not in a function ; fixes #1867
* error properly on invalid user section sizes ; fixes #1866
* throw a proper error on invalid call offsets in binary reading ; fixes #1865
| -rw-r--r-- | src/wasm/wasm-binary.cpp | 14 | ||||
| -rw-r--r-- | src/wasm/wasm-s-parser.cpp | 7 |
2 files changed, 14 insertions, 7 deletions
diff --git a/src/wasm/wasm-binary.cpp b/src/wasm/wasm-binary.cpp index a78636c92..05ed72a56 100644 --- a/src/wasm/wasm-binary.cpp +++ b/src/wasm/wasm-binary.cpp @@ -709,8 +709,13 @@ void WasmBinaryBuilder::read() { void WasmBinaryBuilder::readUserSection(size_t payloadLen) { auto oldPos = pos; Name sectionName = getInlineString(); + size_t read = pos - oldPos; + if (read > payloadLen) { + throwError("bad user section size"); + } + payloadLen -= read; if (sectionName.equals(BinaryConsts::UserSections::Name)) { - readNames(payloadLen - (pos - oldPos)); + readNames(payloadLen); } else { // an unfamiliar custom section if (sectionName.equals(BinaryConsts::UserSections::Linking)) { @@ -719,7 +724,7 @@ void WasmBinaryBuilder::readUserSection(size_t payloadLen) { wasm.userSections.resize(wasm.userSections.size() + 1); auto& section = wasm.userSections.back(); section.name = sectionName.str; - auto sectionSize = payloadLen - (pos - oldPos); + auto sectionSize = payloadLen; section.data.resize(sectionSize); for (size_t i = 0; i < sectionSize; i++) { section.data[i] = getInt8(); @@ -1950,7 +1955,10 @@ void WasmBinaryBuilder::visitCall(Call* curr) { auto* import = functionImports[index]; type = wasm.getFunctionType(import->type); } else { - auto adjustedIndex = index - functionImports.size(); + Index adjustedIndex = index - functionImports.size(); + if (adjustedIndex >= functionTypes.size()) { + throwError("invalid call index"); + } type = functionTypes[adjustedIndex]; } assert(type); diff --git a/src/wasm/wasm-s-parser.cpp b/src/wasm/wasm-s-parser.cpp index 96686cd4d..fe622f54a 100644 --- a/src/wasm/wasm-s-parser.cpp +++ b/src/wasm/wasm-s-parser.cpp @@ -185,15 +185,14 @@ void SExpressionParser::skipWhitespace() { } while (input[0] && input[0] != '\n') input++; line++; + if (!input[0]) return; lineStart = ++input; } else if (input[0] == '(' && input[1] == ';') { // Skip nested block comments. input += 2; int depth = 1; while (1) { - if (input[0] == 0) { - return; - } + if (!input[0]) return; if (input[0] == '(' && input[1] == ';') { input += 2; depth++; @@ -656,7 +655,7 @@ Function::DebugLocation SExpressionWasmBuilder::getDebugLocation(const SourceLoc Expression* SExpressionWasmBuilder::parseExpression(Element& s) { Expression* result = makeExpression(s); - if (s.startLoc) { + if (s.startLoc && currFunction) { currFunction->debugLocations[result] = getDebugLocation(*s.startLoc); } return result; |