author | Wouter van Oortmerssen <aardappel@gmail.com> | 2020-09-28 17:28:20 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-09-28 17:28:20 -0700 |
commit | 9de15862c1bc4e2b092ccbe89fdb4b850704bbfc (patch) | |
tree | fe2315b31b96f32c4c015232ae864670a5c1636a /src/wasm-interpreter.h | |
parent | 2a869194c5fb7f54b3811043bfcf723e3d53c1df (diff) | |
download | binaryen-9de15862c1bc4e2b092ccbe89fdb4b850704bbfc.tar.gz binaryen-9de15862c1bc4e2b092ccbe89fdb4b850704bbfc.tar.bz2 binaryen-9de15862c1bc4e2b092ccbe89fdb4b850704bbfc.zip |
Fix regression in memory.fill due to Memory64 (#3176)
details: https://github.com/WebAssembly/binaryen/issues/3149
Diffstat (limited to 'src/wasm-interpreter.h')
-rw-r--r-- | src/wasm-interpreter.h | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/src/wasm-interpreter.h b/src/wasm-interpreter.h
index 5e98e0fec..4f3de9078 100644
--- a/src/wasm-interpreter.h
+++ b/src/wasm-interpreter.h
@@ -2346,7 +2346,7 @@ private:
 return flow;
 }
 Flow ret = Literal::makeFromUInt64(instance.memorySize, indexType);
- uint64_t delta = flow.getSingleValue().getInteger();
+ uint64_t delta = flow.getSingleValue().getUnsigned();
 if (delta > uint32_t(-1) / Memory::kPageSize && indexType == Type::i32) {
 return fail;
 }
@@ -2384,7 +2384,7 @@ private:
 assert(curr->segment < instance.wasm.memory.segments.size());
 Memory::Segment& segment = instance.wasm.memory.segments[curr->segment];
- Address destVal(dest.getSingleValue().getInteger());
+ Address destVal(dest.getSingleValue().getUnsigned());
 Address offsetVal(uint32_t(offset.getSingleValue().geti32()));
 Address sizeVal(uint32_t(size.getSingleValue().geti32()));
@@ -2428,9 +2428,9 @@ private:
 NOTE_EVAL1(dest);
 NOTE_EVAL1(source);
 NOTE_EVAL1(size);
- Address destVal(dest.getSingleValue().getInteger());
- Address sourceVal(source.getSingleValue().getInteger());
- Address sizeVal(size.getSingleValue().getInteger());
+ Address destVal(dest.getSingleValue().getUnsigned());
+ Address sourceVal(source.getSingleValue().getUnsigned());
+ Address sizeVal(size.getSingleValue().getUnsigned());
 if (sourceVal + sizeVal > instance.memorySize * Memory::kPageSize ||
 destVal + sizeVal > instance.memorySize * Memory::kPageSize ||
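Review bot: In the hunk at -2346 the only visible bound on `delta` is gated on `indexType == Type::i32`, so with the unsigned read a 64-bit memory can supply any value up to 2^64-1 and nothing in these lines rejects it. The function continues outside the hunk, so a later check may cover this, but if the new size is computed as `instance.memorySize + delta`, that sum can wrap and pass a maximum-size comparison. A guard that cannot wrap, such as `if (delta > maxPages - instance.memorySize) { return fail; }` (with `maxPages` standing for whatever page limit the following code compares against), would cover both index types.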
@@ -2474,10 +2474,13 @@ private:
 NOTE_EVAL1(dest);
 NOTE_EVAL1(value);
 NOTE_EVAL1(size);
- Address destVal(dest.getSingleValue().getInteger());
- Address sizeVal(size.getSingleValue().getInteger());
+ Address destVal(dest.getSingleValue().getUnsigned());
+ Address sizeVal(size.getSingleValue().getUnsigned());
- if (destVal + sizeVal > instance.memorySize * Memory::kPageSize) {
+ // FIXME: cheaper wrapping detection?
+ if (destVal > instance.memorySize * Memory::kPageSize ||
+ sizeVal > instance.memorySize * Memory::kPageSize ||
+ destVal + sizeVal > instance.memorySize * Memory::kPageSize) {
 trap("out of bounds memory access in memory.fill");
 }
 uint8_t val(value.getSingleValue().geti32()); |
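Review bot: The `destVal + sizeVal` clause in the new memory.fill check still performs an addition that could wrap; it is safe only because the two clauses before it bound each operand by the memory size, and the `FIXME` does not record that dependency. A subtraction form needs no wrapping addition and evaluates the limit once: `auto limit = instance.memorySize * Memory::kPageSize;` followed by `if (destVal > limit || sizeVal > limit - destVal) {`. The memory.copy hunk at -2428 opens with `sourceVal + sizeVal > ...` and `destVal + sizeVal > ...` on the same 64-bit values. Its condition continues past the hunk, so whether wrapping is caught there is not visible; using one shared bounds helper for both instructions would keep the two checks from drifting apart.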