authorThomas Lively <tlively@google.com>2024-11-25 12:55:34 -0800
committerGitHub <noreply@github.com>2024-11-25 20:55:34 +0000
commit7cee02592033b830a05eeeb9990d15a1f33e6792 (patch)
treeb93d0b5aecfb14fe8593f5c4e61b9a08cd03b5ce /src/wasm-interpreter.h
parent8265573e14182ee7fd95d78e9c04c435486be9dc (diff)
Fix memory.grow bounds and overflow checks for mem64 (#7112)
Previously the interpreter only executed overflow and bounds checks for memory.grow on 32-bit memories. Run the checks on 64-bit memories as well.
Diffstat (limited to 'src/wasm-interpreter.h')
-rw-r--r--src/wasm-interpreter.h9
1 files changed, 7 insertions, 2 deletions
diff --git a/src/wasm-interpreter.h b/src/wasm-interpreter.h
index f3471cfa8..81531e27c 100644
--- a/src/wasm-interpreter.h
+++ b/src/wasm-interpreter.h
@@ -3836,10 +3836,15 @@ public:
auto fail = Literal::makeFromInt64(-1, memory->addressType);
Flow ret = Literal::makeFromInt64(memorySize, addressType);
uint64_t delta = flow.getSingleValue().getUnsigned();
- if (delta > uint32_t(-1) / Memory::kPageSize && addressType == Type::i32) {
+ uint64_t maxAddr = addressType == Type::i32
+ ? std::numeric_limits<uint32_t>::max()
+ : std::numeric_limits<uint64_t>::max();
+ if (delta > maxAddr / Memory::kPageSize) {
+ // Impossible to grow this much.
return fail;
}
- if (memorySize >= uint32_t(-1) - delta && addressType == Type::i32) {
+ if (memorySize >= maxAddr - delta) {
+ // Overflow.
return fail;
}
auto newSize = memorySize + delta;
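Review bot: The second check, `if (memorySize >= maxAddr - delta)`, mixes units: the first check divides `maxAddr` by `Memory::kPageSize`, so `delta` (and presumably `memorySize`) is a page count, while `maxAddr` is a byte address. As written it only keeps `memorySize + delta` from wrapping, and does not by itself keep `newSize` pages inside the address space. Any later conversion of `newSize` to bytes could therefore still wrap unless a check past this hunk caps it first; the enclosing function continues beyond the visible lines, so please confirm that such a cap also applies to 64-bit memories. I would either do both comparisons in page units or replace `// Overflow.` with a comment that states the limit of the guard, e.g. `// Guards only the memorySize + delta addition (page counts); the byte-size bound is enforced separately.`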