-rw-r--r-- | fuzz-in/wasm/stuff.wasm | bin | 186 -> 112 bytes | |||
-rw-r--r-- | src/apply-names.c | 5 | ||||
-rw-r--r-- | src/binary-reader-ast.c | 9 | ||||
-rw-r--r-- | src/binary-reader.c | 13 | ||||
-rw-r--r-- | src/tools/wasm2wast.c | 8 | ||||
-rw-r--r-- | test/binary/bad-duplicate-section-around-custom.txt | 12 | ||||
-rw-r--r-- | test/binary/bad-duplicate-section.txt | 11 | ||||
-rw-r--r-- | test/binary/bad-extra-end.txt | 20 | ||||
-rw-r--r-- | test/binary/bad-op-after-end.txt | 20 | ||||
-rw-r--r-- | test/roundtrip/invalid-local-index.txt | 11 | ||||
-rwxr-xr-x | test/run-roundtrip.py | 2 |
11 files changed, 98 insertions, 13 deletions
diff --git a/fuzz-in/wasm/stuff.wasm b/fuzz-in/wasm/stuff.wasm Binary files differindex 5a4ad4f4..334bb491 100644 --- a/fuzz-in/wasm/stuff.wasm +++ b/fuzz-in/wasm/stuff.wasm diff --git a/src/apply-names.c b/src/apply-names.c index 133808df..23ba7c1a 100644 --- a/src/apply-names.c +++ b/src/apply-names.c @@ -134,8 +134,9 @@ static WasmResult use_name_for_param_and_local_var(Context* ctx, WasmFunc* func, WasmVar* var) { int local_index = wasm_get_local_index_by_var(func, var); - assert(local_index >= 0 && - (size_t)local_index < wasm_get_num_params_and_locals(func)); + if (local_index < 0 || + (size_t)local_index >= wasm_get_num_params_and_locals(func)) + return WASM_ERROR; uint32_t num_params = wasm_get_num_params(func); WasmStringSlice* name; diff --git a/src/binary-reader-ast.c b/src/binary-reader-ast.c index 68c49be7..22b71d9f 100644 --- a/src/binary-reader-ast.c +++ b/src/binary-reader-ast.c @@ -90,8 +90,8 @@ static WasmResult pop_label(Context* ctx) { static WasmResult get_label_at(Context* ctx, LabelNode** label, uint32_t depth) { - if (depth > ctx->label_stack.size) { - print_error(ctx, "accessing stack depth: %u > max: %" PRIzd, depth, + if (depth >= ctx->label_stack.size) { + print_error(ctx, "accessing stack depth: %u >= max: %" PRIzd, depth, ctx->label_stack.size); return WASM_ERROR; } @@ -116,7 +116,10 @@ static void dup_name(Context* ctx, static WasmResult append_expr(Context* ctx, WasmExpr* expr) { LabelNode* label; - CHECK_RESULT(top_label(ctx, &label)); + if (WASM_FAILED(top_label(ctx, &label))) { + wasm_free(ctx->allocator, expr); + return WASM_ERROR; + } if (*label->first) { label->last->next = expr; label->last = expr; diff --git a/src/binary-reader.c b/src/binary-reader.c index 028ef99f..9223935a 100644 --- a/src/binary-reader.c +++ b/src/binary-reader.c 
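Review bot: The new bounds check in use_name_for_param_and_local_var returns WASM_ERROR without emitting any diagnostic, and its two-line condition guards an unbraced `return`. Since wasm2wast.c in this same commit discards the result of wasm_apply_names, an out-of-range local index from a malformed module presumably ends name application early with nothing reported to the user. I would brace the body and put a comment above it such as `/* the index comes from the input module and may be out of range; reject it rather than assert */`. The function body continues past the end of the hunk.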
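Review bot: get_label_at has no comment saying how depth is counted, which is the only thing that tells a reader why `>=` is the right boundary and `>` was not. A line above the check such as `/* depth is zero-based, so valid depths are [0, label_stack.size) */` would help keep the comparison from regressing. The message still labels the stack size as "max" although the largest accepted depth is one less than that. The expression that actually indexes the stack is outside the hunk, so the boundary cannot be confirmed against it from here.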
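Review bot: append_expr now frees expr when top_label fails, so it takes ownership of its argument on the error path as well as on success, and nothing in the hunk documents that. Any caller that still reads or frees expr after a failed call would turn this into a use-after-free or double free; the callers are outside the hunk and should be checked against the new contract. `wasm_free(ctx->allocator, expr)` releases only the node itself, so if some expression kinds own further allocations those would presumably leak here. I would add `/* Takes ownership of expr; it is freed if there is no enclosing label. */` above the function, whose body continues past the hunk.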
@@ -122,7 +122,7 @@ typedef struct Context { WasmTypeVector param_types; Uint32Vector target_depths; const WasmReadBinaryOptions* options; - WasmBinarySection last_section_code; + WasmBinarySection last_known_section_code; uint32_t num_signatures; uint32_t num_imports; uint32_t num_func_imports; @@ -1643,7 +1643,7 @@ static void read_custom_section(Context* ctx, uint32_t section_size) { CALLBACK_CTX(begin_custom_section, section_size, section_name); WasmBool name_section_ok = - ctx->last_section_code >= WASM_BINARY_SECTION_IMPORT; + ctx->last_known_section_code >= WASM_BINARY_SECTION_IMPORT; if (ctx->options->read_debug_names && name_section_ok && strncmp(section_name.start, WASM_BINARY_SECTION_NAME, section_name.length) == 0) { @@ -1997,9 +1997,9 @@ static void read_sections(Context* ctx) { if (ctx->read_end > ctx->data_size) RAISE_ERROR("invalid section size: extends past end"); - if (ctx->last_section_code != WASM_NUM_BINARY_SECTIONS && + if (ctx->last_known_section_code != WASM_NUM_BINARY_SECTIONS && section_code != WASM_BINARY_SECTION_CUSTOM && - section_code <= ctx->last_section_code) { + section_code <= ctx->last_known_section_code) { RAISE_ERROR("section %s out of order", s_section_name[section_code]); } @@ -2024,7 +2024,8 @@ static void read_sections(Context* ctx) { ctx->read_end); } - ctx->last_section_code = section_code; + if (section_code != WASM_BINARY_SECTION_CUSTOM) + ctx->last_known_section_code = section_code; } } @@ -2051,7 +2052,7 @@ WasmResult wasm_read_binary(WasmAllocator* allocator, ctx->data_size = ctx->read_end = size; ctx->reader = options->log_stream ? &logging_reader : reader; ctx->options = options; - ctx->last_section_code = WASM_NUM_BINARY_SECTIONS; + ctx->last_known_section_code = WASM_NUM_BINARY_SECTIONS; if (setjmp(ctx->error_jmp_buf) == 1) { destroy_context(ctx); diff --git a/src/tools/wasm2wast.c b/src/tools/wasm2wast.c index 55050f96..05ddcf77 100644 --- a/src/tools/wasm2wast.c +++ b/src/tools/wasm2wast.c 
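Review bot: In read_custom_section, `name_section_ok` compares last_known_section_code with WASM_BINARY_SECTION_IMPORT, but wasm_read_binary initialises that field to the sentinel WASM_NUM_BINARY_SECTIONS (last hunk of this file). If the sentinel is numerically larger than every real section code, as its name suggests, every custom section that precedes the first known section passes the check, because custom sections no longer overwrite the field. Excluding the sentinel makes the intent explicit: `ctx->last_known_section_code != WASM_NUM_BINARY_SECTIONS && ctx->last_known_section_code >= WASM_BINARY_SECTION_IMPORT`. Whether an early name section causes harm depends on the name reader's own index checks, which are outside the hunk.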
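Review bot: The guard `if (section_code != WASM_BINARY_SECTION_CUSTOM)` added at the end of the loop in read_sections carries the whole ordering fix, yet it has no comment and an unbraced body. I would brace it and add `/* custom sections may appear anywhere, so they must not update the code used by the ordering check */`. The same explanation belongs on the renamed struct field in the first hunk, where "known" is otherwise left for the reader to decode.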
@@ -173,8 +173,12 @@ int main(int argc, char** argv) { if (s_generate_names) result = wasm_generate_names(allocator, &module); - if (WASM_SUCCEEDED(result)) - result = wasm_apply_names(allocator, &module); + if (WASM_SUCCEEDED(result)) { + /* TODO(binji): This shouldn't fail; if a name can't be applied + * (because the index is invalid, say) it should just be skipped. */ + WasmResult dummy_result = wasm_apply_names(allocator, &module); + WASM_USE(dummy_result); + } if (WASM_SUCCEEDED(result)) { WasmFileWriter file_writer; diff --git a/test/binary/bad-duplicate-section-around-custom.txt b/test/binary/bad-duplicate-section-around-custom.txt new file mode 100644 index 00000000..04c20c40 --- /dev/null +++ b/test/binary/bad-duplicate-section-around-custom.txt @@ -0,0 +1,12 @@ +;;; ERROR: 1 +;;; TOOL: run-gen-wasm +magic +version +section(TYPE) { count[0] } +section("foo") { 1 2 3 4 } +section(TYPE) { count[0] } +(;; STDERR ;;; +Error running "wasm2wast": +error: @0x00000017: section TYPE out of order + +;;; STDERR ;;) diff --git a/test/binary/bad-duplicate-section.txt b/test/binary/bad-duplicate-section.txt new file mode 100644 index 00000000..5149cba5 --- /dev/null +++ b/test/binary/bad-duplicate-section.txt @@ -0,0 +1,11 @@ +;;; ERROR: 1 +;;; TOOL: run-gen-wasm +magic +version +section(TYPE) { count[0] } +section(TYPE) { count[0] } +(;; STDERR ;;; +Error running "wasm2wast": +error: @0x0000000d: section TYPE out of order + +;;; STDERR ;;) diff --git a/test/binary/bad-extra-end.txt b/test/binary/bad-extra-end.txt new file mode 100644 index 00000000..3ec6acd9 --- /dev/null +++ b/test/binary/bad-extra-end.txt 
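Review bot: The result of wasm_apply_names is now discarded in main, so a failure is invisible: the next `if (WASM_SUCCEEDED(result))` still runs the writer and, as far as the hunk shows, nothing is reported. Because the apply-names.c change in this commit returns at the first bad index, the module may reach the writer with names only partly applied. Until the TODO is resolved, a warning would at least surface this, for instance `if (WASM_FAILED(wasm_apply_names(allocator, &module))) fprintf(stderr, "warning: some names could not be applied\n");`. main continues outside the hunk.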
@@ -0,0 +1,20 @@ +;;; ERROR: 1 +;;; TOOL: run-gen-wasm +magic +version +section(TYPE) { count[1] function params[0] results[1] i32 } +section(FUNCTION) { count[1] type[0] } +section(CODE) { + count[1] + func { + locals[0] + end + end + } +} +(;; STDERR ;;; +Error running "wasm2wast": +error: popping empty label stack +error: @0x0000001a: on_end_expr callback failed + +;;; STDERR ;;) diff --git a/test/binary/bad-op-after-end.txt b/test/binary/bad-op-after-end.txt new file mode 100644 index 00000000..48f0d923 --- /dev/null +++ b/test/binary/bad-op-after-end.txt @@ -0,0 +1,20 @@ +;;; ERROR: 1 +;;; TOOL: run-gen-wasm +magic +version +section(TYPE) { count[1] function params[0] results[1] i32 } +section(FUNCTION) { count[1] type[0] } +section(CODE) { + count[1] + func { + locals[0] + end + nop + } +} +(;; STDERR ;;; +Error running "wasm2wast": +error: accessing stack depth: 0 >= max: 0 +error: @0x0000001a: on_nop_expr callback failed + +;;; STDERR ;;) diff --git a/test/roundtrip/invalid-local-index.txt b/test/roundtrip/invalid-local-index.txt new file mode 100644 index 00000000..332446dd --- /dev/null +++ b/test/roundtrip/invalid-local-index.txt @@ -0,0 +1,11 @@ +;;; TOOL: run-roundtrip +;;; FLAGS: --stdout --no-check +(module + (func + set_local 0)) +(;; STDOUT ;;; +(module + (type (;0;) (func)) + (func (;0;) (type 0) + set_local 0)) +;;; STDOUT ;;) diff --git a/test/run-roundtrip.py b/test/run-roundtrip.py index b40eb852..01059e65 100755 --- a/test/run-roundtrip.py +++ b/test/run-roundtrip.py @@ -115,6 +115,7 @@ def main(args): parser.add_argument('-p', '--print-cmd', help='print the commands that are run.', action='store_true') parser.add_argument('--use-libc-allocator', action='store_true') + parser.add_argument('--no-check', action='store_true') parser.add_argument('--debug-names', action='store_true') parser.add_argument('--generate-names', action='store_true') parser.add_argument('file', help='test file.') 
@@ -125,6 +126,7 @@ def main(args): error_cmdline=options.error_cmdline) wast2wasm.AppendOptionalArgs({ '--debug-names': options.debug_names, + '--no-check': options.no_check, '--use-libc-allocator': options.use_libc_allocator }) |