diff options
| author | Thomas Lively <7121787+tlively@users.noreply.github.com> | 2021-03-31 14:46:51 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-03-31 14:46:51 -0700 |
| commit | 62b71e06eb69e00c9771d442ce7d2d93f3e03497 (patch) | |
| tree | 4e3f4b4b8b75beccf0a21ffad37d8c88bfb2ea48 /src | |
| parent | d9f0d8f09985320e0849f76d4ce8a8ee409f5e6d (diff) | |
| download | binaryen-62b71e06eb69e00c9771d442ce7d2d93f3e03497.tar.gz binaryen-62b71e06eb69e00c9771d442ce7d2d93f3e03497.tar.bz2 binaryen-62b71e06eb69e00c9771d442ce7d2d93f3e03497.zip | |
Catch bad tuple.extract index in parser (#3766)
Previously an out-of-bounds index would result in an out-of-bounds read during
finalization of the tuple.extract expression.
Diffstat (limited to 'src')
| -rw-r--r-- | src/wasm/wasm-s-parser.cpp | 4 | ||||
| -rw-r--r-- | src/wasm/wasm.cpp | 1 |
2 files changed, 5 insertions, 0 deletions
diff --git a/src/wasm/wasm-s-parser.cpp b/src/wasm/wasm-s-parser.cpp index c1d25f10d..f3ab50f0c 100644 --- a/src/wasm/wasm-s-parser.cpp +++ b/src/wasm/wasm-s-parser.cpp @@ -2527,6 +2527,10 @@ Expression* SExpressionWasmBuilder::makeTupleExtract(Element& s) { auto ret = allocator.alloc<TupleExtract>(); ret->index = atoi(s[1]->str().c_str()); ret->tuple = parseExpression(s[2]); + if (ret->tuple->type != Type::unreachable && + ret->index >= ret->tuple->type.size()) { + throw ParseException("Bad index on tuple.extract", s[1]->line, s[1]->col); + } ret->finalize(); return ret; } diff --git a/src/wasm/wasm.cpp b/src/wasm/wasm.cpp index 18f8594b1..2ccd9a70a 100644 --- a/src/wasm/wasm.cpp +++ b/src/wasm/wasm.cpp @@ -872,6 +872,7 @@ void TupleExtract::finalize() { if (tuple->type == Type::unreachable) { type = Type::unreachable; } else { + assert(index < tuple->type.size()); type = tuple->type[index]; } } |