author | Alon Zakai <azakai@google.com> | 2024-06-25 09:05:59 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-06-25 09:05:59 -0700 |
commit | 0a0ee6fe67f10a22503a964c31161c4584286d87 (patch) | |
tree | 31bba69efc319dd87807b7b637fbdfc87aeed63c /src | |
parent | a9f6bc020ad8f483d14ad03cfb957da5dd1d290b (diff) | |
Add missing struct/array type checks in binary reader (#6701)
Fixes #6695
Diffstat (limited to 'src')
-rw-r--r-- | src/wasm/wasm-binary.cpp | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/src/wasm/wasm-binary.cpp b/src/wasm/wasm-binary.cpp
index b23478205..1644c2950 100644
--- a/src/wasm/wasm-binary.cpp
+++ b/src/wasm/wasm-binary.cpp
@@ -7346,6 +7346,9 @@ bool WasmBinaryReader::maybeVisitStructNew(Expression*& out, uint32_t code) {
 if (code == BinaryConsts::StructNew ||
 code == BinaryConsts::StructNewDefault) {
 auto heapType = getIndexedHeapType();
+ if (!heapType.isStruct()) {
+ throwError("Expected struct heaptype");
+ }
 std::vector<Expression*> operands;
 if (code == BinaryConsts::StructNew) {
 auto numOperands = heapType.getStruct().fields.size();
@@ -7393,6 +7396,9 @@ bool WasmBinaryReader::maybeVisitStructSet(Expression*& out, uint32_t code) {
 }
 auto* curr = allocator.alloc<StructSet>();
 auto heapType = getIndexedHeapType();
+ if (!heapType.isStruct()) {
+ throwError("Expected struct heaptype");
+ }
 curr->index = getU32LEB();
 curr->value = popNonVoidExpression();
 curr->ref = popNonVoidExpression();
@@ -7405,6 +7411,9 @@ bool WasmBinaryReader::maybeVisitStructSet(Expression*& out, uint32_t code) {
 bool WasmBinaryReader::maybeVisitArrayNewData(Expression*& out, uint32_t code) {
 if (code == BinaryConsts::ArrayNew || code == BinaryConsts::ArrayNewDefault) {
 auto heapType = getIndexedHeapType();
+ if (!heapType.isArray()) {
+ throwError("Expected array heaptype");
+ }
 auto* size = popNonVoidExpression();
 Expression* init = nullptr;
 if (code == BinaryConsts::ArrayNew) {
@@ -7421,6 +7430,9 @@ bool WasmBinaryReader::maybeVisitArrayNewElem(Expression*& out, uint32_t code) {
 code == BinaryConsts::ArrayNewElem) {
 auto isData = code == BinaryConsts::ArrayNewData;
 auto heapType = getIndexedHeapType();
+ if (!heapType.isArray()) {
+ throwError("Expected array heaptype");
+ }
 auto segIdx = getU32LEB();
 auto* size = popNonVoidExpression();
 auto* offset = popNonVoidExpression();
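Review bot: The same three-line guard is pasted after every `getIndexedHeapType()` call in this patch (first in maybeVisitStructNew, then in maybeVisitStructSet and each Array* reader), so the protection only holds if every reader remembers to repeat it. These readers parse untrusted module bytes and, as the context lines show, go straight on to `heapType.getStruct()`. Two small helpers on the reader that read the index and reject a non-struct or non-array type in one step would keep a later opcode reader from omitting the check. Readers this diff does not touch, such as the corresponding get paths, are outside the visible hunks, so it is worth confirming they already carry an equivalent check. maybeVisitStructNew's body continues outside the hunk.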
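Review bot: In maybeVisitStructSet the field index is still taken from the binary unchecked on the line right after the new guard, `curr->index = getU32LEB();`. Now that `heapType` is known to be a struct, the reader can reject an out-of-range index at parse time, e.g. `if (curr->index >= heapType.getStruct().fields.size()) { throwError("Struct field index out of bounds"); }`. The function continues outside the hunk, so a later check may already exist; if it does not, anything that indexes `fields` with this value before validation runs would read past the vector on a malformed module.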
@@ -7444,6 +7456,9 @@ bool WasmBinaryReader::maybeVisitArrayNewFixed(Expression*& out,
 uint32_t code) {
 if (code == BinaryConsts::ArrayNewFixed) {
 auto heapType = getIndexedHeapType();
+ if (!heapType.isArray()) {
+ throwError("Expected array heaptype");
+ }
 auto size = getU32LEB();
 std::vector<Expression*> values(size);
 for (size_t i = 0; i < size; i++) {
@@ -7484,6 +7499,9 @@ bool WasmBinaryReader::maybeVisitArraySet(Expression*& out, uint32_t code) {
 return false;
 }
 auto heapType = getIndexedHeapType();
+ if (!heapType.isArray()) {
+ throwError("Expected array heaptype");
+ }
 auto* value = popNonVoidExpression();
 auto* index = popNonVoidExpression();
 auto* ref = popNonVoidExpression();
@@ -7506,7 +7524,13 @@ bool WasmBinaryReader::maybeVisitArrayCopy(Expression*& out, uint32_t code) {
 return false;
 }
 auto destHeapType = getIndexedHeapType();
+ if (!destHeapType.isArray()) {
+ throwError("Expected array heaptype");
+ }
 auto srcHeapType = getIndexedHeapType();
+ if (!srcHeapType.isArray()) {
+ throwError("Expected array heaptype");
+ }
 auto* length = popNonVoidExpression();
 auto* srcIndex = popNonVoidExpression();
 auto* srcRef = popNonVoidExpression();
@@ -7524,6 +7548,9 @@ bool WasmBinaryReader::maybeVisitArrayFill(Expression*& out, uint32_t code) {
 return false;
 }
 auto heapType = getIndexedHeapType();
+ if (!heapType.isArray()) {
+ throwError("Expected array heaptype");
+ }
 auto* size = popNonVoidExpression();
 auto* value = popNonVoidExpression();
 auto* index = popNonVoidExpression();
@@ -7545,6 +7572,9 @@ bool WasmBinaryReader::maybeVisitArrayInit(Expression*& out, uint32_t code) {
 return false;
 }
 auto heapType = getIndexedHeapType();
+ if (!heapType.isArray()) {
+ throwError("Expected array heaptype");
+ }
 Index segIdx = getU32LEB();
 auto* size = popNonVoidExpression();
 auto* offset = popNonVoidExpression(); |
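Review bot: In maybeVisitArrayNewFixed the element count read just below the new guard, `auto size = getU32LEB();`, is passed unchecked to `std::vector<Expression*> values(size);`. A module can therefore request an allocation of up to 2^32-1 pointers before a single operand is popped. Since each element must come from an expression that has already been parsed, `size` can be bounded first, for example `if (size > expressionStack.size()) { throwError("array.new_fixed size exceeds available operands"); }` (confirm that this member is the right operand stack for the bound). That fails cleanly on a hostile input instead of exhausting memory. The loop body and the rest of the function are outside the hunk.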
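Review bot: The two guards added in maybeVisitArrayCopy throw the identical string, so a rejected module does not say whether the destination or the source type index was wrong. Distinct messages, `throwError("Expected array heaptype for array.copy destination");` and `throwError("Expected array heaptype for array.copy source");`, would make fuzzer reports and user bug reports easier to triage. The remainder of the function is outside the hunk.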