Memory flattening: Check for overflow (#6233)

Fixes a fuzz testcase for wasm-ctor-eval. Add the beginnings of a polyfill for stdckdint.h to help that.
author: Alon Zakai <azakai@google.com> 2024-01-24 12:21:29 -0800
committer: GitHub <noreply@github.com> 2024-01-24 12:21:29 -0800
commit: 6453fd55a312779c2f0d9451d325646522a85470 (patch)
tree: 3a987b5e05dc726c2e845fc5ea54b256f0427155 /src/ir/memory-utils.cpp
parent: 1ce851d7a2044cd1c121bec7de676a61aa147c79 (diff)
download: binaryen-6453fd55a312779c2f0d9451d325646522a85470.tar.gz
binaryen-6453fd55a312779c2f0d9451d325646522a85470.tar.bz2
binaryen-6453fd55a312779c2f0d9451d325646522a85470.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/src/ir/memory-utils.cpp b/src/ir/memory-utils.cpp
index dddcdd1f1..0f6b77602 100644
--- a/src/ir/memory-utils.cpp
+++ b/src/ir/memory-utils.cpp
@@ -15,6 +15,7 @@
  */
 
 #include "ir/memory-utils.h"
+#include "support/stdckdint.h"
 #include "wasm.h"
 
 namespace wasm::MemoryUtils {
@@ -94,7 +95,11 @@ bool flatten(Module& wasm) {
   for (auto& segment : dataSegments) {
     auto* offset = segment->offset->dynCast<Const>();
     Index start = offset->value.getInteger();
-    Index end = start + segment->data.size();
+    Index size = segment->data.size();
+    Index end;
+    if (std::ckd_add(&end, start, size)) {
+      return false;
+    }
     if (end > data.size()) {
       data.resize(end);
     }
author	Alon Zakai <azakai@google.com>	2024-01-24 12:21:29 -0800
committer	GitHub <noreply@github.com>	2024-01-24 12:21:29 -0800
commit	6453fd55a312779c2f0d9451d325646522a85470 (patch)
tree	3a987b5e05dc726c2e845fc5ea54b256f0427155 /src/ir/memory-utils.cpp
parent	1ce851d7a2044cd1c121bec7de676a61aa147c79 (diff)
download	binaryen-6453fd55a312779c2f0d9451d325646522a85470.tar.gz binaryen-6453fd55a312779c2f0d9451d325646522a85470.tar.bz2 binaryen-6453fd55a312779c2f0d9451d325646522a85470.zip