diff options
| author | Alon Zakai <azakai@google.com> | 2020-10-12 17:11:30 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-10-12 17:11:30 -0700 |
| commit | 5ae1724add800780475e02e05a4af133e3729bd6 (patch) | |
| tree | 7cc9dec3bdd3fc27971b7ade1112402bda3fec64 /src | |
| parent | d38ddda4c299a40ee48efb777ec69c823312c9dd (diff) | |
| download | binaryen-5ae1724add800780475e02e05a4af133e3729bd6.tar.gz binaryen-5ae1724add800780475e02e05a4af133e3729bd6.tar.bz2 binaryen-5ae1724add800780475e02e05a4af133e3729bd6.zip | |
Interpreter: Add a limit to how much we try to grow memory, to avoid DOS (#3227)
growMemory() now also returns whether we succeeded.
Without this it could eventually start to swap etc., which is annoying.
Diffstat (limited to 'src')
| -rw-r--r-- | src/shell-interface.h | 8 | ||||
| -rw-r--r-- | src/tools/wasm-ctor-eval.cpp | 2 | ||||
| -rw-r--r-- | src/wasm-interpreter.h | 11 |
3 files changed, 16 insertions, 5 deletions
diff --git a/src/shell-interface.h b/src/shell-interface.h index 8d35905ee..8fc1c362d 100644 --- a/src/shell-interface.h +++ b/src/shell-interface.h @@ -217,8 +217,14 @@ struct ShellExternalInterface : ModuleInstance::ExternalInterface { void tableStore(Address addr, Name entry) override { table[addr] = entry; } - void growMemory(Address /*oldSize*/, Address newSize) override { + bool growMemory(Address /*oldSize*/, Address newSize) override { + // Apply a reasonable limit on memory size, 1GB, to avoid DOS on the + // interpreter. + if (newSize > 1024 * 1024 * 1024) { + return false; + } memory.resize(newSize); + return true; } void trap(const char* why) override { diff --git a/src/tools/wasm-ctor-eval.cpp b/src/tools/wasm-ctor-eval.cpp index a38ca4027..50ba4404e 100644 --- a/src/tools/wasm-ctor-eval.cpp +++ b/src/tools/wasm-ctor-eval.cpp @@ -283,7 +283,7 @@ struct CtorEvalExternalInterface : EvallingModuleInstance::ExternalInterface { // called during initialization, but we don't keep track of a table void tableStore(Address addr, Name value) override {} - void growMemory(Address /*oldSize*/, Address newSize) override { + bool growMemory(Address /*oldSize*/, Address newSize) override { throw FailToEvalException("grow memory"); } diff --git a/src/wasm-interpreter.h b/src/wasm-interpreter.h index b683de632..203786e72 100644 --- a/src/wasm-interpreter.h +++ b/src/wasm-interpreter.h @@ -1685,7 +1685,7 @@ public: LiteralList& arguments, Type result, SubType& instance) = 0; - virtual void growMemory(Address oldSize, Address newSize) = 0; + virtual bool growMemory(Address oldSize, Address newSize) = 0; virtual void trap(const char* why) = 0; virtual void throwException(Literal exnref) = 0; @@ -2406,8 +2406,13 @@ private: if (newSize > instance.wasm.memory.max) { return fail; } - instance.externalInterface->growMemory( - instance.memorySize * Memory::kPageSize, newSize * Memory::kPageSize); + if (!instance.externalInterface->growMemory( + instance.memorySize * Memory::kPageSize, + newSize * Memory::kPageSize)) { + // We failed to grow the memory in practice, even though it was valid + // to try to do so. + return fail; + } instance.memorySize = newSize; return ret; } |