diff options
| -rw-r--r-- | src/tools/wasm-ctor-eval.cpp | 11 | ||||
| -rw-r--r-- | test/lit/ctor-eval/high_memory.wast | 42 |
2 files changed, 53 insertions, 0 deletions
diff --git a/src/tools/wasm-ctor-eval.cpp b/src/tools/wasm-ctor-eval.cpp index a935475ff..1b60a9222 100644 --- a/src/tools/wasm-ctor-eval.cpp +++ b/src/tools/wasm-ctor-eval.cpp @@ -446,6 +446,14 @@ struct CtorEvalExternalInterface : EvallingModuleRunner::ExternalInterface { } private: + // We limit the size of memory to some reasonable amount. We handle memory in + // a linear/dense manner, so when we see a write to address X we allocate X + // memory to represent that, and so very high addresses can lead to OOM. In + // practice, ctor-eval should only run on low addresses anyhow, since static + // memory tends to be reasonably-sized and mallocs start at the start of the + // heap, so it's simpler to add an arbitrary limit here to avoid OOMs for now. + const size_t MaximumMemory = 100 * 1024 * 1024; + // TODO: handle unaligned too, see shell-interface template<typename T> T* getMemory(Address address, Name memoryName) { auto it = memories.find(memoryName); @@ -454,6 +462,9 @@ private: // resize the memory buffer as needed. auto max = address + sizeof(T); if (max > memory.size()) { + if (max > MaximumMemory) { + throw FailToEvalException("excessively high memory address accessed"); + } memory.resize(max); } return (T*)(&memory[address]); diff --git a/test/lit/ctor-eval/high_memory.wast b/test/lit/ctor-eval/high_memory.wast new file mode 100644 index 000000000..edcfe2446 --- /dev/null +++ b/test/lit/ctor-eval/high_memory.wast @@ -0,0 +1,42 @@ +;; NOTE: Assertions have been generated by update_lit_checks.py --all-items and should not be edited. +;; RUN: wasm-ctor-eval %s --ctors=test1,test2 --kept-exports=test1,test2 --quiet -all -S -o - | filecheck %s + +(module + ;; CHECK: (type $none_=>_none (func)) + + ;; CHECK: (memory $0 1616) + (memory $0 1616) ;; 101 MB + + (func "test1" + ;; This write will be evalled into a data segment and removed. + (i32.store8 + (i32.const 0x63fffff) ;; 100 MB - 1 + (i32.const 42) + ) + ) + + (func "test2" + ;; We stop at this write to a high address (wasm-ctor-eval generally only + ;; writes to low addresses, so it is tuned for that) + (i32.store8 + (i32.const 0x6400000) ;; 100 MB + (i32.const 43) + ) + ) +) +;; CHECK: (data $0 (i32.const 104857599) "*") + +;; CHECK: (export "test1" (func $0_2)) + +;; CHECK: (export "test2" (func $1)) + +;; CHECK: (func $1 (type $none_=>_none) +;; CHECK-NEXT: (i32.store8 +;; CHECK-NEXT: (i32.const 104857600) +;; CHECK-NEXT: (i32.const 43) +;; CHECK-NEXT: ) +;; CHECK-NEXT: ) + +;; CHECK: (func $0_2 (type $none_=>_none) +;; CHECK-NEXT: (nop) +;; CHECK-NEXT: ) |