From 1cd3cff4820222901eaa015fd2d7b0b4b5b7fc3e Mon Sep 17 00:00:00 2001
From: Alon Zakai
Date: Wed, 23 Aug 2023 11:08:43 -0700
Subject: wasm-ctor-eval: Limit memory to a reasonable amount (#5896)

In practice we don't need high addresses, and when they happen the current implementation can OOM, so exit early on them instead.

Fixes #5893
---
 src/tools/wasm-ctor-eval.cpp | 11 +++++++++++
 1 file changed, 11 insertions(+)
(limited to 'src')
diff --git a/src/tools/wasm-ctor-eval.cpp b/src/tools/wasm-ctor-eval.cpp
index a935475ff..1b60a9222 100644
--- a/src/tools/wasm-ctor-eval.cpp
+++ b/src/tools/wasm-ctor-eval.cpp
@@ -446,6 +446,14 @@ struct CtorEvalExternalInterface : EvallingModuleRunner::ExternalInterface {
 }

 private:
+ // We limit the size of memory to some reasonable amount. We handle memory in
+ // a linear/dense manner, so when we see a write to address X we allocate X
+ // memory to represent that, and so very high addresses can lead to OOM. In
+ // practice, ctor-eval should only run on low addresses anyhow, since static
+ // memory tends to be reasonably-sized and mallocs start at the start of the
+ // heap, so it's simpler to add an arbitrary limit here to avoid OOMs for now.
+ const size_t MaximumMemory = 100 * 1024 * 1024;
+
 // TODO: handle unaligned too, see shell-interface
 template T* getMemory(Address address, Name memoryName) {
 auto it = memories.find(memoryName);
@@ -454,6 +462,9 @@ private:
 // resize the memory buffer as needed.
 auto max = address + sizeof(T);
 if (max > memory.size()) {
+ if (max > MaximumMemory) {
+ throw FailToEvalException("excessively high memory address accessed");
+ }
 memory.resize(max);
 }
 return (T*)(&memory[address]);
-- 
cgit v1.2.3
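Review bot: `MaximumMemory` is declared in the first hunk as a non-static `const size_t` data member, so every CtorEvalExternalInterface instance carries its own copy of the constant and the class loses its implicit copy-assignment operator. A class-scope limit like this is better expressed as `static constexpr size_t MaximumMemory = 100 * 1024 * 1024;`, which also lets the second hunk compare against a compile-time value. The getMemory template that follows the new member starts in this hunk and continues beyond it.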
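Review bot: The new guard in the second hunk compares `max`, the value computed as `address + sizeof(T)`, rather than the address itself, so an address large enough to wrap that addition (if Address arithmetic wraps rather than traps — its definition is not visible here) yields a small `max` that either skips the enclosing `if (max > memory.size())` entirely or passes the new check, after which `&memory[address]` on the following line indexes past the buffer. Checking the raw address alongside the sum closes that gap: `if (address > MaximumMemory || max > MaximumMemory) {`. The throw would also benefit from a one-line comment stating it is a deliberate policy stop, e.g. `// Refuse before resize() so a single sparse high address cannot exhaust memory.`. getMemory's body begins and ends outside this hunk.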