src/wasm/function-body-decoder.cc - Issue 2640453003: [wasm] Fix and tighten memory validation

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/wasm/function-body-decoder.cc

Issue 2640453003: [wasm] Fix and tighten memory validation (Closed)

Patch Set: Comments Created 3 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/wasm/function-body-decoder.cc

diff --git a/src/wasm/function-body-decoder.cc b/src/wasm/function-body-decoder.cc

index 152fba1ffe92a42b9cd27c05f1180134cde89ef9..86b83c069c1280acda3cf1439f2c91c2706197f0 100644

--- a/src/wasm/function-body-decoder.cc

+++ b/src/wasm/function-body-decoder.cc

@@ -622,6 +622,13 @@ class WasmFullDecoder : public WasmDecoder {

return bytes;

}

+ bool CheckHasMemory() {

+ if (!module_->has_memory) {

+ error(pc_ - 1, "memory instruction with no memory");

+ }

+ return module_->has_memory;

+ }

// Decodes the body of a function.

void DecodeFunctionBody() {

TRACE("wasm-decode %p...%p (module+%d, %d bytes) %s\n",

@@ -1112,6 +1119,7 @@ class WasmFullDecoder : public WasmDecoder {

len = DecodeStoreMem(kWasmF64, MachineType::Float64());

break;

case kExprGrowMemory: {

+ if (!CheckHasMemory()) break;

MemoryIndexOperand operand(this, pc_);

DCHECK_NOT_NULL(module_);

if (module_->origin != kAsmJsOrigin) {

@@ -1124,6 +1132,7 @@ class WasmFullDecoder : public WasmDecoder {

break;

}

case kExprMemorySize: {

+ if (!CheckHasMemory()) break;

MemoryIndexOperand operand(this, pc_);

Push(kWasmI32, BUILD(CurrentMemoryPages));

len = 1 + operand.length;

@@ -1304,6 +1313,7 @@ class WasmFullDecoder : public WasmDecoder {

void PopControl() { control_.pop_back(); }

int DecodeLoadMem(ValueType type, MachineType mem_type) {

+ if (!CheckHasMemory()) return 0;

MemoryAccessOperand operand(this, pc_,

ElementSizeLog2Of(mem_type.representation()));

@@ -1315,6 +1325,7 @@ class WasmFullDecoder : public WasmDecoder {

}

int DecodeStoreMem(ValueType type, MachineType mem_type) {

+ if (!CheckHasMemory()) return 0;

MemoryAccessOperand operand(this, pc_,

ElementSizeLog2Of(mem_type.representation()));

Value val = Pop(1, type);

« no previous file with comments | « no previous file | src/wasm/wasm-js.cc » ('j') | no next file with comments »