diff options
| author | Alon Zakai <azakai@google.com> | 2024-01-30 13:53:31 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-01-30 13:53:31 -0800 |
| commit | 8b85d5dfd22c56ea9a54df37219492ad3b6d5605 (patch) | |
| tree | 66c8e75e42ccbe89f91731ba4a5982d0d788e229 /src/ir/table-utils.h | |
| parent | 9361edfcd83310b2eac6ceca08db0d44ad22aa52 (diff) | |
| download | binaryen-8b85d5dfd22c56ea9a54df37219492ad3b6d5605.tar.gz binaryen-8b85d5dfd22c56ea9a54df37219492ad3b6d5605.tar.bz2 binaryen-8b85d5dfd22c56ea9a54df37219492ad3b6d5605.zip | |
Directize: Handle overflows and out of bounds (#6255)
Diffstat (limited to 'src/ir/table-utils.h')
| -rw-r--r-- | src/ir/table-utils.h | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/ir/table-utils.h b/src/ir/table-utils.h index a94691e9f..5299ba3e1 100644 --- a/src/ir/table-utils.h +++ b/src/ir/table-utils.h @@ -20,6 +20,7 @@ #include "ir/element-utils.h" #include "ir/literal-utils.h" #include "ir/module-utils.h" +#include "support/stdckdint.h" #include "wasm-traversal.h" #include "wasm.h" @@ -40,7 +41,13 @@ struct FlatTable { return; } Index start = offset->cast<Const>()->value.geti32(); - Index end = start + segment->data.size(); + Index size = segment->data.size(); + Index end; + if (std::ckd_add(&end, start, size) || end > table.initial) { + // Overflow. + valid = false; + return; + } if (end > names.size()) { names.resize(end); } |