author | Ben Smith <binji@chromium.org> | 2020-05-11 22:09:09 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-05-11 22:09:09 -0700 |
commit | fad5a2dbdba5d98a91c4a2dea24bbff3b565e733 (patch) | |
tree | ce655b1677d8f28e8ae8298d31b5d366d29474b2 /src | |
parent | 58b2833ef1705e654ed14a0a55200726b9fcde80 (diff) | |
Prevent large allocation in br_table instruction (#1415)
The binary reader tries to allocate a vector for all of the branch
targets, but wasn't checking whether the length was excessively long.
There's already a function to do this: `ReadCount`, which errors out if
the count is longer than the section (this assumes each element requires
at least one byte).
Fixes issue #1386.
Diffstat (limited to 'src')
-rw-r--r-- | src/binary-reader.cc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/binary-reader.cc b/src/binary-reader.cc index 86bb07bc..9a09560e 100644 --- a/src/binary-reader.cc +++ b/src/binary-reader.cc @@ -656,7 +656,7 @@ Result BinaryReader::ReadFunctionBody(Offset end_offset) { case Opcode::BrTable: { Index num_targets; - CHECK_RESULT(ReadIndex(&num_targets, "br_table target count")); + CHECK_RESULT(ReadCount(&num_targets, "br_table target count")); target_depths_.resize(num_targets); for (Index i = 0; i < num_targets; ++i) { |
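Review bot: At `CHECK_RESULT(ReadCount(&num_targets, "br_table target count"));` the bound is looser than this call site allows. Going by the commit message, `ReadCount` rejects a count longer than the section, but this code runs inside `ReadFunctionBody(Offset end_offset)`, so a count that exceeds the bytes left in the current function body yet still fits in the section reaches `target_depths_.resize(num_targets)` and allocates before any target is read. Consider additionally rejecting `num_targets` larger than the bytes remaining before `end_offset`, under the same assumption that each target takes at least one byte. A one-line comment at this call stating that assumption would also help keep `ReadCount` from being swapped back to `ReadIndex` later.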