diff options
| -rw-r--r-- | src/ir/memory-utils.cpp | 7 | ||||
| -rw-r--r-- | src/support/stdckdint.h | 43 | ||||
| -rw-r--r-- | test/lit/ctor-eval/flatten_overflow.wast | 16 |
3 files changed, 65 insertions, 1 deletions
diff --git a/src/ir/memory-utils.cpp b/src/ir/memory-utils.cpp index dddcdd1f1..0f6b77602 100644 --- a/src/ir/memory-utils.cpp +++ b/src/ir/memory-utils.cpp @@ -15,6 +15,7 @@ */ #include "ir/memory-utils.h" +#include "support/stdckdint.h" #include "wasm.h" namespace wasm::MemoryUtils { @@ -94,7 +95,11 @@ bool flatten(Module& wasm) { for (auto& segment : dataSegments) { auto* offset = segment->offset->dynCast<Const>(); Index start = offset->value.getInteger(); - Index end = start + segment->data.size(); + Index size = segment->data.size(); + Index end; + if (std::ckd_add(&end, start, size)) { + return false; + } if (end > data.size()) { data.resize(end); } diff --git a/src/support/stdckdint.h b/src/support/stdckdint.h new file mode 100644 index 000000000..42e87f9a2 --- /dev/null +++ b/src/support/stdckdint.h @@ -0,0 +1,43 @@ +/* + * Copyright 2024 WebAssembly Community Group participants + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef wasm_stdckdint_h +#define wasm_stdckdint_h + +// This is a partial "polyfill" for the C23 file stdckdint.h. It allows us to +// use that API even in older compilers. + +namespace std { + +template<typename T> bool ckd_add(T* output, T a, T b) { +#if __has_builtin(__builtin_add_overflow) + return __builtin_add_overflow(a, b, output); +#else + // Atm this polyfill only supports unsigned types. + static_assert(std::is_unsigned_v<T>); + + T result = a + b; + if (result < a) { + return true; + } + *output = result; + return false; +#endif +} + +} // namespace std + +#endif // wasm_stdckdint_h diff --git a/test/lit/ctor-eval/flatten_overflow.wast b/test/lit/ctor-eval/flatten_overflow.wast new file mode 100644 index 000000000..c5044e666 --- /dev/null +++ b/test/lit/ctor-eval/flatten_overflow.wast @@ -0,0 +1,16 @@ +;; The data segment here is at an offset too large to fit into the memory due +;; to an overflow. That will cause us to fail during flatten, so there are no +;; changes to output here, but we should not error (if we don't check for +;; overflow, we'd segfault). + +;; RUN: wasm-ctor-eval %s --ctors=test --kept-exports=test --quiet -all + +(module + (memory $0 10 10) + (data $0 (i32.const -1) "a") + + (export "test" (func $test)) + + (func $test + ) +) |