diff options
| -rw-r--r-- | src/wasm-interpreter.h | 23 | ||||
| -rw-r--r-- | test/spec/bulk-memory.wast | 34 |
2 files changed, 14 insertions, 43 deletions
diff --git a/src/wasm-interpreter.h b/src/wasm-interpreter.h index ca9b35bab..03264f454 100644 --- a/src/wasm-interpreter.h +++ b/src/wasm-interpreter.h @@ -1683,11 +1683,6 @@ private: Address offsetVal(uint32_t(offset.value.geti32())); Address sizeVal(uint32_t(size.value.geti32())); - instance.checkLoadAddress(destVal, 0); - if (offsetVal > segment.data.size()) { - trap("segment offset out of bounds"); - } - for (size_t i = 0; i < sizeVal; ++i) { if (offsetVal + i >= segment.data.size()) { trap("out of bounds segment access in memory.init"); @@ -1727,20 +1722,16 @@ private: Address sourceVal(uint32_t(source.value.geti32())); Address sizeVal(uint32_t(size.value.geti32())); - instance.checkLoadAddress(destVal, 0); - instance.checkLoadAddress(sourceVal, 0); - - size_t start = 0; - size_t end = sizeVal; + int64_t start = 0; + int64_t end = sizeVal; int step = 1; - // Reverse direction if source is below dest and they overlap - if (sourceVal < destVal && - (sourceVal + sizeVal > destVal || sourceVal + sizeVal < sourceVal)) { - start = sizeVal - 1; + // Reverse direction if source is below dest + if (sourceVal < destVal) { + start = int64_t(sizeVal) - 1; end = -1; step = -1; } - for (size_t i = start; i != end; i += step) { + for (int64_t i = start; i != end; i += step) { if (i + destVal >= std::numeric_limits<uint32_t>::max()) { trap("Out of bounds memory access"); } @@ -1771,8 +1762,6 @@ private: Address destVal(uint32_t(dest.value.geti32())); Address sizeVal(uint32_t(size.value.geti32())); - instance.checkLoadAddress(destVal, 0); - uint8_t val(value.value.geti32()); for (size_t i = 0; i < sizeVal; ++i) { instance.externalInterface->store8( diff --git a/test/spec/bulk-memory.wast b/test/spec/bulk-memory.wast index 474a5fbe1..1e04e02c3 100644 --- a/test/spec/bulk-memory.wast +++ b/test/spec/bulk-memory.wast @@ -33,19 +33,11 @@ ;; Fill all of memory (invoke "fill" (i32.const 0) (i32.const 0) (i32.const 0x10000)) -;; Out-of-bounds writes trap, but all previous writes succeed. -(assert_trap (invoke "fill" (i32.const 0xff00) (i32.const 1) (i32.const 0x101)) - "out of bounds memory access") -(assert_return (invoke "load8_u" (i32.const 0xff00)) (i32.const 1)) -(assert_return (invoke "load8_u" (i32.const 0xffff)) (i32.const 1)) - ;; Succeed when writing 0 bytes at the end of the region. (invoke "fill" (i32.const 0x10000) (i32.const 0) (i32.const 0)) -;; Fail on out-of-bounds when writing 0 bytes outside of memory. -(assert_trap (invoke "fill" (i32.const 0x10001) (i32.const 0) (i32.const 0)) - "out of bounds memory access") - +;; OK to write 0 bytes outside of memory. +(invoke "fill" (i32.const 0x10001) (i32.const 0) (i32.const 0)) ;; memory.copy (module @@ -105,21 +97,13 @@ (invoke "copy" (i32.const 0xff00) (i32.const 0) (i32.const 0x100)) (invoke "copy" (i32.const 0xfe00) (i32.const 0xff00) (i32.const 0x100)) -;; Out-of-bounds writes trap, but all previous writes succeed. -(assert_trap (invoke "copy" (i32.const 0xfffe) (i32.const 0) (i32.const 3)) - "out of bounds memory access") -(assert_return (invoke "load8_u" (i32.const 0xfffe)) (i32.const 0xaa)) -(assert_return (invoke "load8_u" (i32.const 0xffff)) (i32.const 0xbb)) - ;; Succeed when copying 0 bytes at the end of the region. (invoke "copy" (i32.const 0x10000) (i32.const 0) (i32.const 0)) (invoke "copy" (i32.const 0) (i32.const 0x10000) (i32.const 0)) -;; Fail on out-of-bounds when copying 0 bytes outside of memory. -(assert_trap (invoke "copy" (i32.const 0x10001) (i32.const 0) (i32.const 0)) - "out of bounds memory access") -(assert_trap (invoke "copy" (i32.const 0) (i32.const 0x10001) (i32.const 0)) - "out of bounds memory access") +;; OK copying 0 bytes outside of memory. +(invoke "copy" (i32.const 0x10001) (i32.const 0) (i32.const 0)) +(invoke "copy" (i32.const 0) (i32.const 0x10001) (i32.const 0)) ;; memory.init (module @@ -154,11 +138,9 @@ (invoke "init" (i32.const 0x10000) (i32.const 0) (i32.const 0)) (invoke "init" (i32.const 0) (i32.const 4) (i32.const 0)) -;; Fail on out-of-bounds when writing 0 bytes outside of memory or segment. -(assert_trap (invoke "init" (i32.const 0x10001) (i32.const 0) (i32.const 0)) - "out of bounds memory access") -(assert_trap (invoke "init" (i32.const 0) (i32.const 5) (i32.const 0)) - "out of bounds memory access") +;; OK writing 0 bytes outside of memory or segment. +(invoke "init" (i32.const 0x10001) (i32.const 0) (i32.const 0)) +(invoke "init" (i32.const 0) (i32.const 5) (i32.const 0)) ;; data.drop (module |