From 6453fd55a312779c2f0d9451d325646522a85470 Mon Sep 17 00:00:00 2001
From: Alon Zakai
Date: Wed, 24 Jan 2024 12:21:29 -0800
Subject: Memory flattening: Check for overflow (#6233)

Fixes a fuzz testcase for wasm-ctor-eval.

Add the beginnings of a polyfill for stdckdint.h to help that.
---
 src/ir/memory-utils.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'src/ir/memory-utils.cpp')

diff --git a/src/ir/memory-utils.cpp b/src/ir/memory-utils.cpp
index dddcdd1f1..0f6b77602 100644
--- a/src/ir/memory-utils.cpp
+++ b/src/ir/memory-utils.cpp
@@ -15,6 +15,7 @@
 */

 #include "ir/memory-utils.h"
+#include "support/stdckdint.h"
 #include "wasm.h"

 namespace wasm::MemoryUtils {
@@ -94,7 +95,11 @@ bool flatten(Module& wasm) {
 for (auto& segment : dataSegments) {
 auto* offset = segment->offset->dynCast();
 Index start = offset->value.getInteger();
- Index end = start + segment->data.size();
+ Index size = segment->data.size();
+ Index end;
+ if (std::ckd_add(&end, start, size)) {
+ return false;
+ }
 if (end > data.size()) {
 data.resize(end);
 }
--
cgit v1.2.3
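Review bot: The new `std::ckd_add` guard only rules out wraparound of `start + size`; a crafted segment whose `end` does not overflow `Index` still reaches `data.resize(end)` a few lines below and can force an allocation of up to the full `Index` range from a single segment, which is the kind of input a fuzzer or untrusted module will hand to wasm-ctor-eval. A bound against the memory's declared size (or a sanity cap on `end`) before the resize, with `return false` on violation, would close that off; I am inferring `Index` is 32-bit from the overflow concern, so confirm against its typedef. Relatedly, `offset->value.getInteger()` is assigned to `Index` without a visible range check, so a 64-bit offset would be silently truncated before the overflow test — presumably an earlier part of `flatten` rejects non-32-bit memories, which should be confirmed. The early `return false` also deserves a why-comment, e.g. `// The segment's end would not fit in the address space; refuse to flatten rather than wrap.` `flatten`'s body starts and ends outside this hunk.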