diff options
| author | JF Bastien <jfb@chromium.org> | 2016-02-03 09:50:46 -0800 |
|---|---|---|
| committer | JF Bastien <jfb@chromium.org> | 2016-02-09 11:45:50 -0800 |
| commit | 03495efec37b331652701e64dc72f985e6e9f7c2 (patch) | |
| tree | de6c36623cd235ab2fd12134292b87b1425912e6 /src | |
| parent | d5cc09449032972b07aaf4625349991fe61b62c1 (diff) | |
| download | binaryen-03495efec37b331652701e64dc72f985e6e9f7c2.tar.gz binaryen-03495efec37b331652701e64dc72f985e6e9f7c2.tar.bz2 binaryen-03495efec37b331652701e64dc72f985e6e9f7c2.zip | |
Fix out-of-bounds read
Found by asan
Diffstat (limited to 'src')
| -rw-r--r-- | src/wasm-s-parser.h | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/wasm-s-parser.h b/src/wasm-s-parser.h index ce216fd8e..c6cf1b32d 100644 --- a/src/wasm-s-parser.h +++ b/src/wasm-s-parser.h @@ -423,7 +423,10 @@ public: if (dot) { // type.operation (e.g. i32.add) WasmType type = stringToWasmType(str, false, true); - const char *op = dot + 1; + // Local copy to index into op without bounds checking. + constexpr size_t maxNameSize = 15; + char op[maxNameSize + 1] = { '\0' }; + strncpy(op, dot + 1, maxNameSize); switch (op[0]) { case 'a': { if (op[1] == 'b') return makeUnary(s, UnaryOp::Abs, type); |