diff options
| author | Ben Smith <binjimin@gmail.com> | 2018-02-28 19:23:44 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-02-28 19:23:44 -0800 |
| commit | 1d76bb63beba5de424b660187d153b06087e763f (patch) | |
| tree | 224806bb2f0e2ac2175b0bcda179dd42006f157e /src/binary-reader-interp.cc | |
| parent | c40f1b51714e2191f9dec1c3cfbaf9e3d536e561 (diff) | |
| download | wabt-1d76bb63beba5de424b660187d153b06087e763f.tar.gz wabt-1d76bb63beba5de424b660187d153b06087e763f.tar.bz2 wabt-1d76bb63beba5de424b660187d153b06087e763f.zip | |
Update testsuite (#780)
* Fix edge case elem segment bounds checking
* Fix bounds checking when importing spectest table
Diffstat (limited to 'src/binary-reader-interp.cc')
| -rw-r--r-- | src/binary-reader-interp.cc | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/src/binary-reader-interp.cc b/src/binary-reader-interp.cc index 6fcda5e1..b8907458 100644 --- a/src/binary-reader-interp.cc +++ b/src/binary-reader-interp.cc @@ -197,6 +197,8 @@ class BinaryReaderInterp : public BinaryReaderNop { wabt::Result EndFunctionBody(Index index) override; wabt::Result EndElemSegmentInitExpr(Index index) override; + wabt::Result OnElemSegmentFunctionIndexCount(Index index, + Index count) override; wabt::Result OnElemSegmentFunctionIndex(Index index, Index func_index) override; @@ -741,6 +743,8 @@ wabt::Result BinaryReaderInterp::OnImportTable(Index import_index, CHECK_RESULT(CheckImportLimits(elem_limits, &table->limits)); + table->func_indexes.resize(table->limits.initial); + module_->table_index = env_->GetTableCount() - 1; AppendExport(host_import_module, ExternalKind::Table, module_->table_index, import->field_name); @@ -1005,16 +1009,23 @@ wabt::Result BinaryReaderInterp::EndElemSegmentInitExpr(Index index) { return wabt::Result::Ok; } -wabt::Result BinaryReaderInterp::OnElemSegmentFunctionIndex(Index index, - Index func_index) { +wabt::Result BinaryReaderInterp::OnElemSegmentFunctionIndexCount(Index index, + Index count) { assert(module_->table_index != kInvalidIndex); Table* table = env_->GetTable(module_->table_index); - if (table_offset_ >= table->func_indexes.size()) { - PrintError("elem segment offset is out of bounds: %u >= max value %" PRIzd, - table_offset_, table->func_indexes.size()); + // Check both cases, as table_offset_ + count may overflow. + if (table_offset_ > table->func_indexes.size() || + table_offset_ + count > table->func_indexes.size()) { + PrintError("elem segment is out of bounds: [%u, %u) >= max value %" PRIzd, + table_offset_, table_offset_ + count, + table->func_indexes.size()); return wabt::Result::Error; } + return wabt::Result::Ok; +} +wabt::Result BinaryReaderInterp::OnElemSegmentFunctionIndex(Index index, + Index func_index) { Index max_func_index = func_index_mapping_.size(); if (func_index >= max_func_index) { PrintError("invalid func_index: %" PRIindex " (max %" PRIindex ")", @@ -1022,6 +1033,7 @@ wabt::Result BinaryReaderInterp::OnElemSegmentFunctionIndex(Index index, return wabt::Result::Error; } + Table* table = env_->GetTable(module_->table_index); elem_segment_infos_.emplace_back(&table->func_indexes[table_offset_++], TranslateFuncIndexToEnv(func_index)); return wabt::Result::Ok; |