author | Alon Zakai <azakai@google.com> | 2024-01-24 12:21:29 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-01-24 12:21:29 -0800 |
commit | 6453fd55a312779c2f0d9451d325646522a85470 (patch) | |
tree | 3a987b5e05dc726c2e845fc5ea54b256f0427155 /src | |
parent | 1ce851d7a2044cd1c121bec7de676a61aa147c79 (diff) | |
Memory flattening: Check for overflow (#6233)
Fixes a fuzz testcase for wasm-ctor-eval.
Add the beginnings of a polyfill for stdckdint.h to help that.
Diffstat (limited to 'src')
-rw-r--r-- | src/ir/memory-utils.cpp | 7 | ||||
-rw-r--r-- | src/support/stdckdint.h | 43 |
2 files changed, 49 insertions, 1 deletions
diff --git a/src/ir/memory-utils.cpp b/src/ir/memory-utils.cpp
index dddcdd1f1..0f6b77602 100644
--- a/src/ir/memory-utils.cpp
+++ b/src/ir/memory-utils.cpp
@@ -15,6 +15,7 @@
 */
 #include "ir/memory-utils.h"
+#include "support/stdckdint.h"
 #include "wasm.h"
 namespace wasm::MemoryUtils {
@@ -94,7 +95,11 @@ bool flatten(Module& wasm) {
 for (auto& segment : dataSegments) {
 auto* offset = segment->offset->dynCast<Const>();
 Index start = offset->value.getInteger();
- Index end = start + segment->data.size();
+ Index size = segment->data.size();
+ Index end;
+ if (std::ckd_add(&end, start, size)) {
+ return false;
+ }
 if (end > data.size()) {
 data.resize(end);
 }
diff --git a/src/support/stdckdint.h b/src/support/stdckdint.h
new file mode 100644
index 000000000..42e87f9a2
--- /dev/null
+++ b/src/support/stdckdint.h
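Review bot: The `std::ckd_add` check in `flatten` stops the wrap-around, but an `end` just below the maximum `Index` still passes it and reaches `data.resize(end)`, so a single segment offset taken from the input module can request an allocation of that size. If this path runs on untrusted or fuzzed modules, consider rejecting an oversized `end` before the resize, e.g. `if (end > MAX_FLAT_SIZE /* placeholder limit */) { return false; }`. Note also that `start` and `size` are narrowed to `Index` before the checked add, so the check only sees the narrowed values; whether `getInteger()` or `data.size()` can exceed the range of `Index` is not visible in this hunk. The body of `flatten` begins and ends outside the hunk.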
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2024 WebAssembly Community Group participants
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef wasm_stdckdint_h
+#define wasm_stdckdint_h
+
+// This is a partial "polyfill" for the C23 file stdckdint.h. It allows us to
+// use that API even in older compilers.
+
+namespace std {
+
+template<typename T> bool ckd_add(T* output, T a, T b) {
+#if __has_builtin(__builtin_add_overflow)
+ return __builtin_add_overflow(a, b, output);
+#else
+ // Atm this polyfill only supports unsigned types.
+ static_assert(std::is_unsigned_v<T>);
+
+ T result = a + b;
+ if (result < a) {
+ return true;
+ }
+ *output = result;
+ return false;
+#endif
+}
+
+} // namespace std
+
+#endif // wasm_stdckdint_h |
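Review bot: The `#if __has_builtin(__builtin_add_overflow)` test in `ckd_add` is itself not portable: on a preprocessor that does not define `__has_builtin`, the directive is a syntax error, so the header fails to build on exactly the compilers the portable fallback is meant for. Guard it with an outer `#ifdef __has_builtin` and nest the `#if __has_builtin(__builtin_add_overflow)` inside it (joining the two with `&&` on one line does not help, because the whole expression is still parsed). The fallback also uses `std::is_unsigned_v` without the header including `<type_traits>`, so add `#include <type_traits>`. Separately, declaring a template in `namespace std` is outside what the standard permits for user code and may clash with a toolchain that ships the real header; a project namespace would avoid that.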