Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2151)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: src/wasm/module-decoder.cc

Issue 2310023002: [wasm] Validate the length of strings before validating the string. (Closed)
Patch Set: Use consume_bytes to validate string length. Created 4 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | test/unittests/wasm/module-decoder-unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: src/wasm/module-decoder.cc
diff --git a/src/wasm/module-decoder.cc b/src/wasm/module-decoder.cc
index 09b52a45c5b32da638a3adbe0bf0d75869e700e2..cf855af21b2b6c7820d80e106be5bda2dfc2372e 100644
--- a/src/wasm/module-decoder.cc
+++ b/src/wasm/module-decoder.cc
@@ -587,10 +587,13 @@ class ModuleDecoder : public Decoder {
*length = consume_u32v("string length");
uint32_t offset = pc_offset();
TRACE(" +%u %-20s: (%u bytes)\n", offset, "string", *length);
- if (validate_utf8 && !unibrow::Utf8::Validate(pc_, *length)) {
- error(pc_, "no valid UTF-8 string");
- }
+ const byte* string_start = pc_;
+ // Consume bytes before validation to guarantee that the string is not oob.
consume_bytes(*length);
+ if (ok() && validate_utf8 &&
+ !unibrow::Utf8::Validate(string_start, *length)) {
+ error(string_start, "no valid UTF-8 string");
+ }
return offset;
}
« no previous file with comments | « no previous file | test/unittests/wasm/module-decoder-unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698