src/wasm/function-body-decoder.cc - Issue 2640453003: [wasm] Fix and tighten memory validation

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/wasm/function-body-decoder.cc

Issue 2640453003: [wasm] Fix and tighten memory validation (Closed)

Patch Set: Created 3 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/wasm/function-body-decoder.cc

diff --git a/src/wasm/function-body-decoder.cc b/src/wasm/function-body-decoder.cc

index 152fba1ffe92a42b9cd27c05f1180134cde89ef9..c48ad31136e517bddda3b37b652fa707a4be7db6 100644

--- a/src/wasm/function-body-decoder.cc

+++ b/src/wasm/function-body-decoder.cc

@@ -1112,6 +1112,10 @@ class WasmFullDecoder : public WasmDecoder {

len = DecodeStoreMem(kWasmF64, MachineType::Float64());

break;

case kExprGrowMemory: {

+ if (!module_->has_memory) {

titzer 2017/01/18 10:17:30 Can you factor out a little helper to turn this in

rossberg 2017/01/18 11:28:09 Done.

+ error(pc_ - 1, "memory instruction with no memory");

+ break;

+ }

MemoryIndexOperand operand(this, pc_);

DCHECK_NOT_NULL(module_);

if (module_->origin != kAsmJsOrigin) {

@@ -1124,6 +1128,10 @@ class WasmFullDecoder : public WasmDecoder {

break;

}

case kExprMemorySize: {

+ if (!module_->has_memory) {

+ error(pc_ - 1, "memory instruction with no memory");

+ break;

+ }

MemoryIndexOperand operand(this, pc_);

Push(kWasmI32, BUILD(CurrentMemoryPages));

len = 1 + operand.length;

@@ -1304,6 +1312,10 @@ class WasmFullDecoder : public WasmDecoder {

void PopControl() { control_.pop_back(); }

int DecodeLoadMem(ValueType type, MachineType mem_type) {

+ if (!module_->has_memory) {

+ error(pc_ - 1, "load instruction with no memory");

+ return 0;

+ }

MemoryAccessOperand operand(this, pc_,

ElementSizeLog2Of(mem_type.representation()));

@@ -1315,6 +1327,10 @@ class WasmFullDecoder : public WasmDecoder {

}

int DecodeStoreMem(ValueType type, MachineType mem_type) {

+ if (!module_->has_memory) {

+ error(pc_ - 1, "store instruction with no memory");

+ return 0;

+ }

MemoryAccessOperand operand(this, pc_,

ElementSizeLog2Of(mem_type.representation()));

Value val = Pop(1, type);

« no previous file with comments | « no previous file | src/wasm/wasm-js.cc » ('j') | src/wasm/wasm-module.cc » ('J')