author | Keith Winstein <keithw@cs.stanford.edu> | 2023-03-13 23:18:38 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-03-13 23:18:38 -0700 |
commit | 6ec144e688cc76b6bf234fbc9c7ed7cee4a5c0c3 (patch) | |
tree | ec4c81cb973fe19a47263b33f9994aef400e248f /src/binary-reader-ir.cc | |
parent | 1d0a6334cb1e9536c60df46840bc90dd6ad19a30 (diff) | |
BinaryReaderIR: limit nesting depth to avoid stack overflow (#2169)
Fixes #2151
Fixes oss-fuzz #53958
Diffstat (limited to 'src/binary-reader-ir.cc')
-rw-r--r-- | src/binary-reader-ir.cc | 37 |
1 files changed, 19 insertions, 18 deletions
diff --git a/src/binary-reader-ir.cc b/src/binary-reader-ir.cc
index 6bc1c0eb..dfe2f376 100644
--- a/src/binary-reader-ir.cc
+++ b/src/binary-reader-ir.cc
@@ -91,6 +91,8 @@ class CodeMetadataExprQueue {
 };

 class BinaryReaderIR : public BinaryReaderNop {
+ static constexpr size_t kMaxNestingDepth = 1024; // max depth of label stack
+
 public:
 BinaryReaderIR(Module* out_module, const char* filename, Errors* errors);

@@ -350,9 +352,9 @@ class BinaryReaderIR : public BinaryReaderNop {
 private:
 Location GetLocation() const;
 void PrintError(const char* format, ...);
- void PushLabel(LabelType label_type,
- ExprList* first,
- Expr* context = nullptr);
+ Result PushLabel(LabelType label_type,
+ ExprList* first,
+ Expr* context = nullptr);
 Result BeginInitExpr(ExprList* init_expr);
 Result EndInitExpr();
 Result PopLabel();
@@ -404,10 +406,15 @@ void WABT_PRINTF_FORMAT(2, 3) BinaryReaderIR::PrintError(const char* format,
 errors_->emplace_back(ErrorLevel::Error, Location(kInvalidOffset), buffer);
 }

-void BinaryReaderIR::PushLabel(LabelType label_type,
- ExprList* first,
- Expr* context) {
+Result BinaryReaderIR::PushLabel(LabelType label_type,
+ ExprList* first,
+ Expr* context) {
+ if (label_stack_.size() >= kMaxNestingDepth) {
+ PrintError("label stack exceeds max nesting depth");
+ return Result::Error;
+ }
 label_stack_.emplace_back(label_type, first, context);
+ return Result::Ok;
 }

 Result BinaryReaderIR::PopLabel() {
@@ -728,8 +735,7 @@ Result BinaryReaderIR::OnFunctionBodyCount(Index count) {
 Result BinaryReaderIR::BeginFunctionBody(Index index, Offset size) {
 current_func_ = module_->funcs[index];
 current_func_->loc = GetLocation();
- PushLabel(LabelType::Func, ¤t_func_->exprs);
- return Result::Ok;
+ return PushLabel(LabelType::Func, ¤t_func_->exprs);
 }

 Result BinaryReaderIR::OnLocalDecl(Index decl_index, Index count, Type type) {
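Review bot: The comment on `kMaxNestingDepth` in the first hunk says what the constant is but not why it exists or how 1024 was chosen, so whoever tunes it later has nothing to go on. The commit message ties the crash to stack overflow on deeply nested input (oss-fuzz #53958), and that belongs next to the number: `// Hard cap on label_stack_ depth: reject pathologically nested modules (oss-fuzz #53958) instead of risking a native stack overflow further down.` Whether 1024 sits safely below the stack budget of everything that later walks this IR cannot be judged from this file, so a sentence stating that assumption would help the next maintainer.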
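Review bot: `PushLabel` now returns a `Result`, but nothing forces callers to look at it, so any call site this commit did not touch, or one added later, can drop the error and keep pushing past the limit; unless `Result` is already declared `[[nodiscard]]` in the project, the declaration in the second hunk should read `[[nodiscard]] Result PushLabel(LabelType label_type,`. The diagnostic in the third hunk also omits the effective limit, and the context line shows `PrintError` records errors at `Location(kInvalidOffset)`, so the number is the only clue a user would get: `PrintError("label stack exceeds max nesting depth (%zu)", kMaxNestingDepth);`, with `%zu` matching `size_t` under the `WABT_PRINTF_FORMAT(2, 3)` check. The `PushLabel` definition is shown whole in its hunk.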
@@ -807,8 +813,7 @@ Result BinaryReaderIR::OnBlockExpr(Type sig_type) {
 SetBlockDeclaration(&expr->block.decl, sig_type);
 ExprList* expr_list = &expr->block.exprs;
 CHECK_RESULT(AppendExpr(std::move(expr)));
- PushLabel(LabelType::Block, expr_list);
- return Result::Ok;
+ return PushLabel(LabelType::Block, expr_list);
 }

 Result BinaryReaderIR::OnBrExpr(Index depth) {
@@ -961,8 +966,7 @@ Result BinaryReaderIR::OnIfExpr(Type sig_type) {
 SetBlockDeclaration(&expr->true_.decl, sig_type);
 ExprList* expr_list = &expr->true_.exprs;
 CHECK_RESULT(AppendExpr(std::move(expr)));
- PushLabel(LabelType::If, expr_list);
- return Result::Ok;
+ return PushLabel(LabelType::If, expr_list);
 }

 Result BinaryReaderIR::OnLoadExpr(Opcode opcode,
@@ -978,8 +982,7 @@ Result BinaryReaderIR::OnLoopExpr(Type sig_type) {
 SetBlockDeclaration(&expr->block.decl, sig_type);
 ExprList* expr_list = &expr->block.exprs;
 CHECK_RESULT(AppendExpr(std::move(expr)));
- PushLabel(LabelType::Loop, expr_list);
- return Result::Ok;
+ return PushLabel(LabelType::Loop, expr_list);
 }

 Result BinaryReaderIR::OnMemoryCopyExpr(Index srcmemidx, Index destmemidx) {
@@ -1117,8 +1120,7 @@ Result BinaryReaderIR::OnTryExpr(Type sig_type) {
 ExprList* expr_list = &expr->block.exprs;
 SetBlockDeclaration(&expr->block.decl, sig_type);
 CHECK_RESULT(AppendExpr(std::move(expr_ptr)));
- PushLabel(LabelType::Try, expr_list, expr);
- return Result::Ok;
+ return PushLabel(LabelType::Try, expr_list, expr);
 }

 Result BinaryReaderIR::AppendCatch(Catch&& catch_) {
@@ -1266,8 +1268,7 @@ Result BinaryReaderIR::BeginElemSegment(Index index,
 }

 Result BinaryReaderIR::BeginInitExpr(ExprList* expr) {
- PushLabel(LabelType::InitExpr, expr);
- return Result::Ok;
+ return PushLabel(LabelType::InitExpr, expr);
 }

 Result BinaryReaderIR::BeginElemSegmentInitExpr(Index index) { |