-rw-r--r--src/binary-reader.cc25
-rw-r--r--test/binary/bad-duplicate-subsection.txt25
-rw-r--r--test/binary/bad-subsection-out-of-order.txt25
-rw-r--r--test/binary/bad-subsection-size.txt24
-rw-r--r--test/binary/bad-subsection-unfinished.txt28
-rw-r--r--test/binary/names.txt4
-rw-r--r--test/binary/no-global-names.txt2
7 files changed, 126 insertions, 7 deletions
diff --git a/src/binary-reader.cc b/src/binary-reader.cc
index f36ab0b8..67ea4672 100644
--- a/src/binary-reader.cc
+++ b/src/binary-reader.cc
@@ -1600,11 +1600,24 @@ static void read_custom_section(Context* ctx, uint32_t section_size) {
section_name.length) == 0) {
CALLBACK_SECTION(begin_names_section, section_size);
uint32_t i = 0;
+ size_t previous_read_end = ctx->read_end;
+ uint32_t previous_subsection_type = 0;
while (ctx->offset < ctx->read_end) {
uint32_t name_type;
uint32_t subsection_size;
in_u32_leb128(ctx, &name_type, "name type");
+ if (i != 0) {
+ if (name_type == previous_subsection_type)
+ RAISE_ERROR("duplicate sub-section");
+ if (name_type < previous_subsection_type)
+ RAISE_ERROR("out-of-order sub-section");
+ }
+ previous_subsection_type = name_type;
in_u32_leb128(ctx, &subsection_size, "subsection size");
+ size_t subsection_end = ctx->offset + subsection_size;
+ if (subsection_end > ctx->read_end)
+ RAISE_ERROR("invalid sub-section size: extends past end");
+ ctx->read_end = subsection_end;
switch (static_cast<NameSectionSubsection>(name_type)) {
case NameSectionSubsection::Function:
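Review bot: The new bounds check on `subsection_end` can be defeated by wraparound on targets where `size_t` is 32 bits, because `ctx->offset + subsection_size` adds a u32 taken straight from the file. A wrapped sum would pass `subsection_end > ctx->read_end` and then be stored as the new `ctx->read_end`. Comparing against the remaining length avoids the addition: `if (subsection_size > ctx->read_end - ctx->offset) RAISE_ERROR("invalid sub-section size: extends past end");`, placed before `subsection_end` is computed. This assumes `ctx->offset` is a `size_t` that is never greater than `ctx->read_end` at this point, which the hunk does not show. The body of read_custom_section starts and ends outside the hunk.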
@@ -1622,7 +1635,6 @@ static void read_custom_section(Context* ctx, uint32_t section_size) {
CALLBACK(on_function_name, function_index, function_name);
}
}
- ++i;
break;
case NameSectionSubsection::Local:
CALLBACK(on_local_name_subsection, i, name_type, subsection_size);
@@ -1646,13 +1658,18 @@ static void read_custom_section(Context* ctx, uint32_t section_size) {
}
}
}
- ++i;
break;
default:
- /* unknown subsection, skip rest of section */
- ctx->offset = ctx->read_end;
+ /* unknown subsection, skip it */
+ ctx->offset = subsection_end;
break;
}
+ ++i;
+ if (ctx->offset != subsection_end) {
+ RAISE_ERROR("unfinished sub-section (expected end: 0x%" PRIzx ")",
+ subsection_end);
+ }
+ ctx->read_end = previous_read_end;
}
CALLBACK_CTX0(end_names_section);
} else if (strncmp(section_name.start, WABT_BINARY_SECTION_RELOC,
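Review bot: `ctx->read_end = previous_read_end;` runs only when an iteration reaches the bottom of the loop, so any error raised inside the switch or by the unfinished-sub-section check leaves `ctx->read_end` narrowed to the subsection. That is harmless if RAISE_ERROR abandons the whole read, but its definition is not visible here, so the assumption should be written down next to the restore, e.g. `/* restore the section-wide limit; error paths above never resume reading */`. If any caller can continue after an error, the restore needs to happen on those paths as well.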
diff --git a/test/binary/bad-duplicate-subsection.txt b/test/binary/bad-duplicate-subsection.txt
new file mode 100644
index 00000000..5e95c163
--- /dev/null
+++ b/test/binary/bad-duplicate-subsection.txt
@@ -0,0 +1,25 @@
+;;; ERROR: 1
+;;; TOOL: run-gen-wasm
+magic
+version
+section(TYPE) { count[1] function params[0] results[1] i32 }
+section(FUNCTION) { count[1] type[0] }
+section(CODE) {
+ count[1]
+ func {
+ locals[decl_count[1] i32_count[1] i32]
+ get_local 0
+ }
+}
+section("name") {
+ subsection_type[1]
+ subsection_length[1]
+ count[0]
+ subsection_type[1]
+ subsection_length[1]
+ count[0]
+}
+(;; STDERR ;;;
+Error running "wasm2wast":
+error: @0x00000028: duplicate sub-section
+;;; STDERR ;;)
diff --git a/test/binary/bad-subsection-out-of-order.txt b/test/binary/bad-subsection-out-of-order.txt
new file mode 100644
index 00000000..96d2063d
--- /dev/null
+++ b/test/binary/bad-subsection-out-of-order.txt
@@ -0,0 +1,25 @@
+;;; ERROR: 1
+;;; TOOL: run-gen-wasm
+magic
+version
+section(TYPE) { count[1] function params[0] results[1] i32 }
+section(FUNCTION) { count[1] type[0] }
+section(CODE) {
+ count[1]
+ func {
+ locals[decl_count[1] i32_count[1] i32]
+ get_local 0
+ }
+}
+section("name") {
+ subsection_type[2]
+ subsection_length[1]
+ count[0]
+ subsection_type[1]
+ subsection_length[1]
+ count[0]
+}
+(;; STDERR ;;;
+Error running "wasm2wast":
+error: @0x00000028: out-of-order sub-section
+;;; STDERR ;;)
diff --git a/test/binary/bad-subsection-size.txt b/test/binary/bad-subsection-size.txt
new file mode 100644
index 00000000..3ff90af7
--- /dev/null
+++ b/test/binary/bad-subsection-size.txt
@@ -0,0 +1,24 @@
+;;; ERROR: 1
+;;; TOOL: run-gen-wasm
+magic
+version
+section(TYPE) { count[1] function params[0] results[1] i32 }
+section(FUNCTION) { count[1] type[0] }
+section(CODE) {
+ count[1]
+ func {
+ locals[decl_count[1] i32_count[1] i32]
+ get_local 0
+ }
+}
+section("name") {
+ subsection[1]
+ length[1]
+ func_count[1]
+ index[0]
+ str("$F0")
+}
+(;; STDERR ;;;
+Error running "wasm2wast":
+error: @0x00000027: unable to read u32 leb128: function index
+;;; STDERR ;;)
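Review bot: This fixture does not reach the new `invalid sub-section size: extends past end` check in binary-reader.cc. With `length[1]` the subsection still fits inside the "name" section, and the expected error is the generic `unable to read u32 leb128: function index`. None of the other added fixtures appears to declare a subsection length larger than the bytes remaining in the section, so that branch looks untested. A fixture whose `length[...]` exceeds the rest of the section body, expecting the "extends past end" message, would cover it.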
diff --git a/test/binary/bad-subsection-unfinished.txt b/test/binary/bad-subsection-unfinished.txt
new file mode 100644
index 00000000..ff9703a0
--- /dev/null
+++ b/test/binary/bad-subsection-unfinished.txt
@@ -0,0 +1,28 @@
+;;; ERROR: 1
+;;; TOOL: run-gen-wasm
+magic
+version
+section(TYPE) { count[1] function params[0] results[1] i32 }
+section(FUNCTION) { count[1] type[0] }
+section(CODE) {
+ count[1]
+ func {
+ locals[decl_count[1] i32_count[1] i32]
+ get_local 0
+ }
+}
+section("name") {
+ subsection[1]
+ length[10]
+ func_count[1]
+ index[0]
+ str("$F0")
+ subsection[1]
+ data[1]
+ data[1]
+ data[1]
+}
+(;; STDERR ;;;
+Error running "wasm2wast":
+error: @0x0000002c: unfinished sub-section (expected end: 0x30)
+;;; STDERR ;;)
diff --git a/test/binary/names.txt b/test/binary/names.txt
index 7481dba9..9edcd3b9 100644
--- a/test/binary/names.txt
+++ b/test/binary/names.txt
@@ -12,12 +12,12 @@ section(CODE) {
}
section("name") {
subsection[1]
- length[1]
+ length[6]
func_count[1]
index[0]
str("$F0")
subsection[2]
- length[1]
+ length[8]
func_count[1]
index[0]
local_count[1]
diff --git a/test/binary/no-global-names.txt b/test/binary/no-global-names.txt
index 77f15eae..82185a31 100644
--- a/test/binary/no-global-names.txt
+++ b/test/binary/no-global-names.txt
@@ -21,7 +21,7 @@ section(CODE) {
}
section("name") {
subsection[1]
- length[1]
+ length[6]
func_count[1]
index[0]
str("bar")