diff options
| author | Alon Zakai (kripken) <alonzakai@gmail.com> | 2017-05-29 21:55:51 -0700 |
|---|---|---|
| committer | Alon Zakai <alonzakai@gmail.com> | 2017-06-01 13:17:44 -0700 |
| commit | 2ce31515cbb0953344dd5d67cfadb718a9abc8d8 (patch) | |
| tree | dd8dbfaeb1cf41ce0dc27cf4753d40ce586cd533 /src/wasm/wasm-s-parser.cpp | |
| parent | 4cb970fa052d5f2f5d29de60f612dc1e22fb81ee (diff) | |
| download | binaryen-2ce31515cbb0953344dd5d67cfadb718a9abc8d8.tar.gz binaryen-2ce31515cbb0953344dd5d67cfadb718a9abc8d8.tar.bz2 binaryen-2ce31515cbb0953344dd5d67cfadb718a9abc8d8.zip | |
validate memory/table Address values in s-expr parsing
Diffstat (limited to 'src/wasm/wasm-s-parser.cpp')
| -rw-r--r-- | src/wasm/wasm-s-parser.cpp | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/src/wasm/wasm-s-parser.cpp b/src/wasm/wasm-s-parser.cpp index b2ee2a2f4..bff9232b8 100644 --- a/src/wasm/wasm-s-parser.cpp +++ b/src/wasm/wasm-s-parser.cpp @@ -1650,20 +1650,36 @@ void SExpressionWasmBuilder::parseImport(Element& s) { } } else if (im->kind == ExternalKind::Table) { if (j < inner.size() - 1) { - wasm.table.initial = atoi(inner[j++]->c_str()); + uint64_t num = atoi(inner[j++]->c_str()); + if (num > std::numeric_limits<Address::address_t>::max()) { + throw ParseException("excessive table size", s.line, s.col); + } + wasm.table.initial = num; } if (j < inner.size() - 1) { - wasm.table.max = atoi(inner[j++]->c_str()); + uint64_t num = atoi(inner[j++]->c_str()); + if (num > std::numeric_limits<Address::address_t>::max()) { + throw ParseException("excessive table size", s.line, s.col); + } + wasm.table.max = num; } else { wasm.table.max = Table::kMaxSize; } // ends with the table element type } else if (im->kind == ExternalKind::Memory) { if (j < inner.size()) { - wasm.memory.initial = atoi(inner[j++]->c_str()); + uint64_t num = atoi(inner[j++]->c_str()); + if (num > std::numeric_limits<Address::address_t>::max()) { + throw ParseException("excessive table size", s.line, s.col); + } + wasm.memory.initial = num; } if (j < inner.size()) { - wasm.memory.max = atoi(inner[j++]->c_str()); + uint64_t num = atoi(inner[j++]->c_str()); + if (num > std::numeric_limits<Address::address_t>::max()) { + throw ParseException("excessive table size", s.line, s.col); + } + wasm.memory.max = num; } } if (wasm.getImportOrNull(im->name)) throw ParseException("duplicate import", s.line, s.col); |