diff options
| author | Alon Zakai <azakai@google.com> | 2024-03-22 12:27:54 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-03-22 12:27:54 -0700 |
| commit | 2471301a5209724b1ea32fab36b13410e96c0af9 (patch) | |
| tree | 08571f69741c973196712bb8f3c5e1f0ebd8f7a6 /src/wasm-interpreter.h | |
| parent | 57dc0c975dbb82c96826f29559136c703afce3e2 (diff) | |
| download | binaryen-2471301a5209724b1ea32fab36b13410e96c0af9.tar.gz binaryen-2471301a5209724b1ea32fab36b13410e96c0af9.tar.bz2 binaryen-2471301a5209724b1ea32fab36b13410e96c0af9.zip | |
[Strings] Handle overflow in string.encode_wtf16_array (#6422)
Diffstat (limited to 'src/wasm-interpreter.h')
| -rw-r--r-- | src/wasm-interpreter.h | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/wasm-interpreter.h b/src/wasm-interpreter.h index 1e0cf3ed0..c8031f617 100644 --- a/src/wasm-interpreter.h +++ b/src/wasm-interpreter.h @@ -32,6 +32,7 @@ #include "ir/module-utils.h" #include "support/bits.h" #include "support/safe_integer.h" +#include "support/stdckdint.h" #include "wasm-builder.h" #include "wasm-traversal.h" #include "wasm.h" @@ -2001,10 +2002,12 @@ public: if (!refData || !ptrData) { trap("null ref"); } - auto startVal = start.getSingleValue().getInteger(); + auto startVal = start.getSingleValue().getUnsigned(); auto& refValues = refData->values; auto& ptrValues = ptrData->values; - if (startVal + refValues.size() > ptrValues.size()) { + size_t end; + if (std::ckd_add<size_t>(&end, startVal, refValues.size()) || + end > ptrValues.size()) { trap("oob"); } |