diff options
| author | Alon Zakai (kripken) <alonzakai@gmail.com> | 2017-05-30 19:55:40 -0700 |
|---|---|---|
| committer | Alon Zakai <alonzakai@gmail.com> | 2017-06-01 13:17:45 -0700 |
| commit | fd71c67747c3a85db9670a0d558670c4cb124c91 (patch) | |
| tree | 76540c046674e21fd66d92083562698b503d5f35 | |
| parent | 1c7e82a4c6035d9ab52d892065bfff709a4424f8 (diff) | |
| download | binaryen-fd71c67747c3a85db9670a0d558670c4cb124c91.tar.gz binaryen-fd71c67747c3a85db9670a0d558670c4cb124c91.tar.bz2 binaryen-fd71c67747c3a85db9670a0d558670c4cb124c91.zip | |
handle out of range memory size values in s-expr parsing
| -rw-r--r-- | src/wasm/wasm-s-parser.cpp | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/src/wasm/wasm-s-parser.cpp b/src/wasm/wasm-s-parser.cpp index 5ea8f2b0f..d3f411263 100644 --- a/src/wasm/wasm-s-parser.cpp +++ b/src/wasm/wasm-s-parser.cpp @@ -1460,7 +1460,11 @@ void SExpressionWasmBuilder::parseMemory(Element& s, bool preParseImport) { return; } } - wasm.memory.initial = atoi(s[i++]->c_str()); + uint64_t num = atoi(s[i++]->c_str()); + if (num > std::numeric_limits<Address::address_t>::max()) { + throw ParseException("excessive memory init", s.line, s.col); + } + wasm.memory.initial = num; if (i == s.size()) return; if (s[i]->isStr()) { uint64_t max = atoll(s[i]->c_str()); @@ -1475,7 +1479,11 @@ void SExpressionWasmBuilder::parseMemory(Element& s, bool preParseImport) { if (curr[0]->str() == DATA) { offsetValue = 0; } else { - offsetValue = atoi(curr[j++]->c_str()); + uint64_t num = atoi(curr[j++]->c_str()); + if (num > std::numeric_limits<Address::address_t>::max()) { + throw ParseException("excessive memory offset", s.line, s.col); + } + offsetValue = num; } const char *input = curr[j]->c_str(); auto* offset = allocator.alloc<Const>(); |