Chromium Code Reviews Chromium Code Reviews
Issue 2052623003:
[wasm] improve handling of malformed input (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2015 the V8 project authors. All rights reserved. | 1 // Copyright 2015 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef V8_WASM_AST_DECODER_H_ | 5 #ifndef V8_WASM_AST_DECODER_H_ |
| 6 #define V8_WASM_AST_DECODER_H_ | 6 #define V8_WASM_AST_DECODER_H_ |
| 7 | 7 |
| 8 #include "src/signature.h" | 8 #include "src/signature.h" |
| 9 #include "src/wasm/decoder.h" | 9 #include "src/wasm/decoder.h" |
| 10 #include "src/wasm/wasm-opcodes.h" | 10 #include "src/wasm/wasm-opcodes.h" |
| 11 #include "src/wasm/wasm-result.h" | 11 #include "src/wasm/wasm-result.h" |
| 12 | 12 |
| 13 namespace v8 { | 13 namespace v8 { |
| 14 namespace internal { | 14 namespace internal { |
| 15 | 15 |
| 16 class BitVector; // forward declaration | 16 class BitVector; // forward declaration |
| 17 | 17 |
| 18 namespace compiler { // external declarations from compiler. | 18 namespace compiler { // external declarations from compiler. |
| 19 class WasmGraphBuilder; | 19 class WasmGraphBuilder; |
| 20 } | 20 } |
| 21 | 21 |
| 22 namespace wasm { | 22 namespace wasm { |
| 23 | 23 |
| 24 // Helpers for decoding different kinds of operands which follow bytecodes. | 24 // Helpers for decoding different kinds of operands which follow bytecodes. |
| 25 struct LocalIndexOperand { | 25 struct LocalIndexOperand { |
| 26 uint32_t index; | 26 uint32_t index; |
| 27 LocalType type; | 27 LocalType type; |
| 28 int length; | 28 unsigned length; |
| 29 | 29 |
| 30 inline LocalIndexOperand(Decoder* decoder, const byte* pc) { | 30 inline LocalIndexOperand(Decoder* decoder, const byte* pc) { |
| 31 index = decoder->checked_read_u32v(pc, 1, &length, "local index"); | 31 index = decoder->checked_read_u32v(pc, 1, &length, "local index"); |
| 32 type = kAstStmt; | 32 type = kAstStmt; |
| 33 } | 33 } |
| 34 }; | 34 }; |
| 35 | 35 |
| 36 struct ImmI8Operand { | 36 struct ImmI8Operand { |
| 37 int8_t value; | 37 int8_t value; |
| 38 int length; | 38 unsigned length; |
| 39 inline ImmI8Operand(Decoder* decoder, const byte* pc) { | 39 inline ImmI8Operand(Decoder* decoder, const byte* pc) { |
| 40 value = bit_cast<int8_t>(decoder->checked_read_u8(pc, 1, "immi8")); | 40 value = bit_cast<int8_t>(decoder->checked_read_u8(pc, 1, "immi8")); |
| 41 length = 1; | 41 length = 1; |
| 42 } | 42 } |
| 43 }; | 43 }; |
| 44 | 44 |
| 45 struct ImmI32Operand { | 45 struct ImmI32Operand { |
| 46 int32_t value; | 46 int32_t value; |
| 47 int length; | 47 unsigned length; |
| 48 inline ImmI32Operand(Decoder* decoder, const byte* pc) { | 48 inline ImmI32Operand(Decoder* decoder, const byte* pc) { |
| 49 value = decoder->checked_read_i32v(pc, 1, &length, "immi32"); | 49 value = decoder->checked_read_i32v(pc, 1, &length, "immi32"); |
| 50 } | 50 } |
| 51 }; | 51 }; |
| 52 | 52 |
| 53 struct ImmI64Operand { | 53 struct ImmI64Operand { |
| 54 int64_t value; | 54 int64_t value; |
| 55 int length; | 55 unsigned length; |
| 56 inline ImmI64Operand(Decoder* decoder, const byte* pc) { | 56 inline ImmI64Operand(Decoder* decoder, const byte* pc) { |
| 57 value = decoder->checked_read_i64v(pc, 1, &length, "immi64"); | 57 value = decoder->checked_read_i64v(pc, 1, &length, "immi64"); |
| 58 } | 58 } |
| 59 }; | 59 }; |
| 60 | 60 |
| 61 struct ImmF32Operand { | 61 struct ImmF32Operand { |
| 62 float value; | 62 float value; |
| 63 int length; | 63 unsigned length; |
| 64 inline ImmF32Operand(Decoder* decoder, const byte* pc) { | 64 inline ImmF32Operand(Decoder* decoder, const byte* pc) { |
| 65 value = bit_cast<float>(decoder->checked_read_u32(pc, 1, "immf32")); | 65 value = bit_cast<float>(decoder->checked_read_u32(pc, 1, "immf32")); |
| 66 length = 4; | 66 length = 4; |
| 67 } | 67 } |
| 68 }; | 68 }; |
| 69 | 69 |
| 70 struct ImmF64Operand { | 70 struct ImmF64Operand { |
| 71 double value; | 71 double value; |
| 72 int length; | 72 unsigned length; |
| 73 inline ImmF64Operand(Decoder* decoder, const byte* pc) { | 73 inline ImmF64Operand(Decoder* decoder, const byte* pc) { |
| 74 value = bit_cast<double>(decoder->checked_read_u64(pc, 1, "immf64")); | 74 value = bit_cast<double>(decoder->checked_read_u64(pc, 1, "immf64")); |
| 75 length = 8; | 75 length = 8; |
| 76 } | 76 } |
| 77 }; | 77 }; |
| 78 | 78 |
| 79 struct GlobalIndexOperand { | 79 struct GlobalIndexOperand { |
| 80 uint32_t index; | 80 uint32_t index; |
| 81 LocalType type; | 81 LocalType type; |
| 82 MachineType machine_type; | 82 MachineType machine_type; |
| 83 int length; | 83 unsigned length; |
| 84 | 84 |
| 85 inline GlobalIndexOperand(Decoder* decoder, const byte* pc) { | 85 inline GlobalIndexOperand(Decoder* decoder, const byte* pc) { |
| 86 index = decoder->checked_read_u32v(pc, 1, &length, "global index"); | 86 index = decoder->checked_read_u32v(pc, 1, &length, "global index"); |
| 87 type = kAstStmt; | 87 type = kAstStmt; |
| 88 machine_type = MachineType::None(); | 88 machine_type = MachineType::None(); |
| 89 } | 89 } |
| 90 }; | 90 }; |
| 91 | 91 |
| 92 struct Control; | 92 struct Control; |
| 93 struct BreakDepthOperand { | 93 struct BreakDepthOperand { |
| 94 uint32_t arity; | 94 uint32_t arity; |
| 95 uint32_t depth; | 95 uint32_t depth; |
| 96 Control* target; | 96 Control* target; |
| 97 int length; | 97 unsigned length; |
| 98 inline BreakDepthOperand(Decoder* decoder, const byte* pc) { | 98 inline BreakDepthOperand(Decoder* decoder, const byte* pc) { |
| 99 int len1 = 0; | 99 unsigned len1 = 0; |
| 100 int len2 = 0; | 100 unsigned len2 = 0; |
| 101 arity = decoder->checked_read_u32v(pc, 1, &len1, "argument count"); | 101 arity = decoder->checked_read_u32v(pc, 1, &len1, "argument count"); |
| 102 depth = decoder->checked_read_u32v(pc, 1 + len1, &len2, "break depth"); | 102 depth = decoder->checked_read_u32v(pc, 1 + len1, &len2, "break depth"); |
| 103 length = len1 + len2; | 103 length = len1 + len2; |
| 104 target = nullptr; | 104 target = nullptr; |
| 105 } | 105 } |
| 106 }; | 106 }; |
| 107 | 107 |
| 108 struct CallIndirectOperand { | 108 struct CallIndirectOperand { |
| 109 uint32_t arity; | 109 uint32_t arity; |
| 110 uint32_t index; | 110 uint32_t index; |
| 111 FunctionSig* sig; | 111 FunctionSig* sig; |
| 112 int length; | 112 unsigned length; |
| 113 inline CallIndirectOperand(Decoder* decoder, const byte* pc) { | 113 inline CallIndirectOperand(Decoder* decoder, const byte* pc) { |
| 114 int len1 = 0; | 114 unsigned len1 = 0; |
| 115 int len2 = 0; | 115 unsigned len2 = 0; |
| 116 arity = decoder->checked_read_u32v(pc, 1, &len1, "argument count"); | 116 arity = decoder->checked_read_u32v(pc, 1, &len1, "argument count"); |
| 117 index = decoder->checked_read_u32v(pc, 1 + len1, &len2, "signature index"); | 117 index = decoder->checked_read_u32v(pc, 1 + len1, &len2, "signature index"); |
| 118 length = len1 + len2; | 118 length = len1 + len2; |
| 119 sig = nullptr; | 119 sig = nullptr; |
| 120 } | 120 } |
| 121 }; | 121 }; |
| 122 | 122 |
| 123 struct CallFunctionOperand { | 123 struct CallFunctionOperand { |
| 124 uint32_t arity; | 124 uint32_t arity; |
| 125 uint32_t index; | 125 uint32_t index; |
| 126 FunctionSig* sig; | 126 FunctionSig* sig; |
| 127 int length; | 127 unsigned length; |
| 128 inline CallFunctionOperand(Decoder* decoder, const byte* pc) { | 128 inline CallFunctionOperand(Decoder* decoder, const byte* pc) { |
| 129 int len1 = 0; | 129 unsigned len1 = 0; |
| 130 int len2 = 0; | 130 unsigned len2 = 0; |
| 131 arity = decoder->checked_read_u32v(pc, 1, &len1, "argument count"); | 131 arity = decoder->checked_read_u32v(pc, 1, &len1, "argument count"); |
| 132 index = decoder->checked_read_u32v(pc, 1 + len1, &len2, "function index"); | 132 index = decoder->checked_read_u32v(pc, 1 + len1, &len2, "function index"); |
| 133 length = len1 + len2; | 133 length = len1 + len2; |
| 134 sig = nullptr; | 134 sig = nullptr; |
| 135 } | 135 } |
| 136 }; | 136 }; |
| 137 | 137 |
| 138 struct CallImportOperand { | 138 struct CallImportOperand { |
| 139 uint32_t arity; | 139 uint32_t arity; |
| 140 uint32_t index; | 140 uint32_t index; |
| 141 FunctionSig* sig; | 141 FunctionSig* sig; |
| 142 int length; | 142 unsigned length; |
| 143 inline CallImportOperand(Decoder* decoder, const byte* pc) { | 143 inline CallImportOperand(Decoder* decoder, const byte* pc) { |
| 144 int len1 = 0; | 144 unsigned len1 = 0; |
| 145 int len2 = 0; | 145 unsigned len2 = 0; |
| 146 arity = decoder->checked_read_u32v(pc, 1, &len1, "argument count"); | 146 arity = decoder->checked_read_u32v(pc, 1, &len1, "argument count"); |
| 147 index = decoder->checked_read_u32v(pc, 1 + len1, &len2, "import index"); | 147 index = decoder->checked_read_u32v(pc, 1 + len1, &len2, "import index"); |
| 148 length = len1 + len2; | 148 length = len1 + len2; |
| 149 sig = nullptr; | 149 sig = nullptr; |
| 150 } | 150 } |
| 151 }; | 151 }; |
| 152 | 152 |
| 153 struct BranchTableOperand { | 153 struct BranchTableOperand { |
| 154 uint32_t arity; | 154 uint32_t arity; |
| 155 uint32_t table_count; | 155 uint32_t table_count; |
| 156 const byte* table; | 156 const byte* table; |
| 157 int length; | 157 unsigned length; |
| 158 inline BranchTableOperand(Decoder* decoder, const byte* pc) { | 158 inline BranchTableOperand(Decoder* decoder, const byte* pc) { |
| 159 int len1 = 0; | 159 unsigned len1 = 0; |
| 160 int len2 = 0; | 160 unsigned len2 = 0; |
| 161 arity = decoder->checked_read_u32v(pc, 1, &len1, "argument count"); | 161 arity = decoder->checked_read_u32v(pc, 1, &len1, "argument count"); |
| 162 table_count = | 162 table_count = |
| 163 decoder->checked_read_u32v(pc, 1 + len1, &len2, "table count"); | 163 decoder->checked_read_u32v(pc, 1 + len1, &len2, "table count"); |
| 164 CHECK(table_count <= (UINT_MAX / sizeof(uint32_t)) - 1); | |
|
bradnelson
2016/06/24 18:40:47
I believe by check, Ben meant invoke error on over
| |
| 165 CHECK(len1 + len2 <= UINT_MAX - (table_count + 1) * sizeof(uint32_t)); | |
| 164 length = len1 + len2 + (table_count + 1) * sizeof(uint32_t); | 166 length = len1 + len2 + (table_count + 1) * sizeof(uint32_t); |
| 165 | 167 |
| 166 uint32_t table_start = 1 + len1 + len2; | 168 uint32_t table_start = 1 + len1 + len2; |
| 167 if (decoder->check(pc, table_start, (table_count + 1) * sizeof(uint32_t), | 169 if (decoder->check(pc, table_start, (table_count + 1) * sizeof(uint32_t), |
| 168 "expected <table entries>")) { | 170 "expected <table entries>")) { |
| 169 table = pc + table_start; | 171 table = pc + table_start; |
| 170 } else { | 172 } else { |
| 171 table = nullptr; | 173 table = nullptr; |
| 172 } | 174 } |
| 173 } | 175 } |
| 174 inline uint32_t read_entry(Decoder* decoder, int i) { | 176 inline uint32_t read_entry(Decoder* decoder, unsigned i) { |
| 175 DCHECK(i >= 0 && static_cast<uint32_t>(i) <= table_count); | 177 DCHECK(i <= table_count); |
| 176 return table ? decoder->read_u32(table + i * sizeof(uint32_t)) : 0; | 178 return table ? decoder->read_u32(table + i * sizeof(uint32_t)) : 0; |
| 177 } | 179 } |
| 178 }; | 180 }; |
| 179 | 181 |
| 180 struct MemoryAccessOperand { | 182 struct MemoryAccessOperand { |
| 181 uint32_t alignment; | 183 uint32_t alignment; |
| 182 uint32_t offset; | 184 uint32_t offset; |
| 183 int length; | 185 unsigned length; |
| 184 inline MemoryAccessOperand(Decoder* decoder, const byte* pc) { | 186 inline MemoryAccessOperand(Decoder* decoder, const byte* pc) { |
| 185 int alignment_length; | 187 unsigned alignment_length; |
| 186 alignment = | 188 alignment = |
| 187 decoder->checked_read_u32v(pc, 1, &alignment_length, "alignment"); | 189 decoder->checked_read_u32v(pc, 1, &alignment_length, "alignment"); |
| 188 int offset_length; | 190 unsigned offset_length; |
| 189 offset = decoder->checked_read_u32v(pc, 1 + alignment_length, | 191 offset = decoder->checked_read_u32v(pc, 1 + alignment_length, |
| 190 &offset_length, "offset"); | 192 &offset_length, "offset"); |
| 191 length = alignment_length + offset_length; | 193 length = alignment_length + offset_length; |
| 192 } | 194 } |
| 193 }; | 195 }; |
| 194 | 196 |
| 195 struct ReturnArityOperand { | 197 struct ReturnArityOperand { |
| 196 uint32_t arity; | 198 uint32_t arity; |
| 197 int length; | 199 unsigned length; |
| 198 | 200 |
| 199 inline ReturnArityOperand(Decoder* decoder, const byte* pc) { | 201 inline ReturnArityOperand(Decoder* decoder, const byte* pc) { |
| 200 arity = decoder->checked_read_u32v(pc, 1, &length, "return count"); | 202 arity = decoder->checked_read_u32v(pc, 1, &length, "return count"); |
| 201 } | 203 } |
| 202 }; | 204 }; |
| 203 | 205 |
| 204 typedef compiler::WasmGraphBuilder TFBuilder; | 206 typedef compiler::WasmGraphBuilder TFBuilder; |
| 205 struct ModuleEnv; // forward declaration of module interface. | 207 struct ModuleEnv; // forward declaration of module interface. |
| 206 | 208 |
| 207 // All of the various data structures necessary to decode a function body. | 209 // All of the various data structures necessary to decode a function body. |
| (...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 255 // Constructor initializes the vector. | 257 // Constructor initializes the vector. |
| 256 explicit AstLocalDecls(Zone* zone) | 258 explicit AstLocalDecls(Zone* zone) |
| 257 : decls_encoded_size(0), total_local_count(0), local_types(zone) {} | 259 : decls_encoded_size(0), total_local_count(0), local_types(zone) {} |
| 258 }; | 260 }; |
| 259 | 261 |
| 260 bool DecodeLocalDecls(AstLocalDecls& decls, const byte* start, const byte* end); | 262 bool DecodeLocalDecls(AstLocalDecls& decls, const byte* start, const byte* end); |
| 261 BitVector* AnalyzeLoopAssignmentForTesting(Zone* zone, size_t num_locals, | 263 BitVector* AnalyzeLoopAssignmentForTesting(Zone* zone, size_t num_locals, |
| 262 const byte* start, const byte* end); | 264 const byte* start, const byte* end); |
| 263 | 265 |
| 264 // Computes the length of the opcode at the given address. | 266 // Computes the length of the opcode at the given address. |
| 265 int OpcodeLength(const byte* pc, const byte* end); | 267 unsigned OpcodeLength(const byte* pc, const byte* end); |
| 266 | 268 |
| 267 // Computes the arity (number of sub-nodes) of the opcode at the given address. | 269 // Computes the arity (number of sub-nodes) of the opcode at the given address. |
| 268 int OpcodeArity(const byte* pc, const byte* end); | 270 unsigned OpcodeArity(const byte* pc, const byte* end); |
| 269 | 271 |
| 270 } // namespace wasm | 272 } // namespace wasm |
| 271 } // namespace internal | 273 } // namespace internal |
| 272 } // namespace v8 | 274 } // namespace v8 |
| 273 | 275 |
| 274 #endif // V8_WASM_AST_DECODER_H_ | 276 #endif // V8_WASM_AST_DECODER_H_ |
| OLD | NEW |
