| field | value | date |
|---|---|---|
| author | Ben Smith <binjimin@gmail.com> | 2017-05-12 16:34:54 -0700 |
| committer | GitHub <noreply@github.com> | 2017-05-12 16:34:54 -0700 |
| commit | 5d10e89b5d796edc62cfb6bc3f806d8a1b1272c0 (patch) | |
| tree | 5d75d64fbaa4b6cb5f6d945bfc4235066e5b2574 /src/binary-reader.cc | |
| parent | a220185a7adc14251d86fb8d22141f5596f8ed30 (diff) | |
| download | wabt-5d10e89b5d796edc62cfb6bc3f806d8a1b1272c0.tar.gz, wabt-5d10e89b5d796edc62cfb6bc3f806d8a1b1272c0.tar.bz2, wabt-5d10e89b5d796edc62cfb6bc3f806d8a1b1272c0.zip | |
Add fuzzing helper scripts, fix fuzzing bugs (#416)
* Add fuzzing helper scripts, fix fuzzing bugs
The fuzzing dictionary was old, so I updated it. Also, I've added some
simple fuzzing shell scripts that make it a bit easier to run.
Bug fixes:
* Validate function index in local name section before calling callback.
* Fix invalid assert in parse_{float,double}_infinity, which assumed
that "infinity" is required (it could be "inf").
* Bail out of resolve local names if there is no current function (e.g.
if attempting to resolve names in an elem offset expression).
* Catch bad_alloc in wast2wasm and wasm2wast. Without this, afl-fuzz
will see allocation failure as a crash.
* disable exceptions by default, add option, wrap tools in try/catch
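The first bug fix listed above (validating the function index read from the local name subsection before handing it to a callback), as an added C example that is not wabt's code: a simplified reader for the local-names subsection layout that applies the bounds check the commit introduces and also keeps the name bytes inside the buffer. `read_u32_leb128`, `read_local_names`, the `example_*` inputs and the one-function module they assume are all constructed for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
/* Decode one unsigned LEB128 u32 (at most 5 bytes); returns bytes consumed, 0 on error. */
static size_t read_u32_leb128(const uint8_t *p, size_t len, uint32_t *out) {
  uint32_t result = 0;
  for (size_t i = 0; i < len && i < 5; ++i) {
    result |= (uint32_t)(p[i] & 0x7f) << (7 * i);
    if (!(p[i] & 0x80)) { *out = result; return i + 1; }
  }
  return 0; /* truncated or over-long encoding */
}

/* Parse a "local names" subsection body: count, then per function
 * (function_index, num_locals, num_locals x (local_index, name_len, name bytes)).
 * Returns the number of function entries accepted, or -1 on malformed input. */
int read_local_names(const uint8_t *buf, size_t len, uint32_t num_total_funcs) {
  size_t off = 0, n;
  uint32_t num_funcs, function_index, num_locals, local_index, name_len;
  if ((n = read_u32_leb128(buf, len, &num_funcs)) == 0) return -1;
  off += n;
  for (uint32_t j = 0; j < num_funcs; ++j) {
    if ((n = read_u32_leb128(buf + off, len - off, &function_index)) == 0) return -1;
    off += n;
    /* The check the commit adds: reject an index outside the module's function
     * space here, before any consumer (wabt's callback) can act on it. */
    if (function_index >= num_total_funcs) return -1;
    if ((n = read_u32_leb128(buf + off, len - off, &num_locals)) == 0) return -1;
    off += n;
    for (uint32_t k = 0; k < num_locals; ++k) {
      if ((n = read_u32_leb128(buf + off, len - off, &local_index)) == 0) return -1;
      off += n;
      if ((n = read_u32_leb128(buf + off, len - off, &name_len)) == 0) return -1;
      off += n;
      if (name_len > len - off) return -1; /* name bytes must fit in the buffer */
      off += name_len;
    }
  }
  return (int)num_funcs;
}
/* Constructed inputs for a module with exactly one function (num_total_funcs = 1). */
int example_well_formed(void) {        /* 1 entry: func 0 has 1 local, index 0 named "x" */
  static const uint8_t s[] = {0x01, 0x00, 0x01, 0x00, 0x01, 'x'};
  return read_local_names(s, sizeof s, 1);   /* 1 */
}
int example_bad_function_index(void) { /* same, but names function 5 of a 1-function module */
  static const uint8_t s[] = {0x01, 0x05, 0x01, 0x00, 0x01, 'x'};
  return read_local_names(s, sizeof s, 1);   /* -1 */
}
int example_truncated_name(void) {     /* name_len claims 4 bytes, only 1 is present */
  static const uint8_t s[] = {0x01, 0x00, 0x01, 0x00, 0x04, 'x'};
  return read_local_names(s, sizeof s, 1);   /* -1 */
}
```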
Diffstat (limited to 'src/binary-reader.cc')
-rw-r--r-- | src/binary-reader.cc | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/binary-reader.cc b/src/binary-reader.cc index 778c1ed6..4425f6ea 100644 --- a/src/binary-reader.cc +++ b/src/binary-reader.cc @@ -950,6 +950,8 @@ static void read_names_section(Context* ctx, uint32_t section_size) { for (uint32_t j = 0; j < num_funcs; ++j) { uint32_t function_index; in_u32_leb128(ctx, &function_index, "function index"); + RAISE_ERROR_UNLESS(function_index < num_total_funcs(ctx), + "invalid function index: %u", function_index); uint32_t num_locals; in_u32_leb128(ctx, &num_locals, "local count"); CALLBACK(OnLocalNameLocalCount, function_index, num_locals); |
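Review bot: the new RAISE_ERROR_UNLESS sits between in_u32_leb128 for function_index and the OnLocalNameLocalCount callback, which is the right place for it, but num_locals, read immediately afterwards, goes to the same callback with no comparable check in this hunk, so a malformed name section can still present an arbitrary local count to the consumer; the same treatment for num_locals (or a note on why the callback side tolerates it) would be worth adding. The diffstat here is limited to src/binary-reader.cc, so whether the commit includes a regression test with an out-of-range function index is not visible; one would be worth confirming.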