mii/wasmer
1
0
Fork 0
mirror of https://github.com/mii443/wasmer.git synced 2025-12-10 14:48:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Check memory offset calculation overflow.

Browse Source
This commit is contained in:
losfair
2020-05-30 00:35:27 +08:00
parent 83a50a560e
commit 510b56a31e
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/compiler-singlepass/src/codegen_x64.rs
View File

@@ -1280,9 +1280,7 @@ impl<'a> FuncGen<'a> {
Location::Imm32(memarg.offset), Location::Imm32(memarg.offset),
Location::GPR(tmp_addr), Location::GPR(tmp_addr),
); );
self.assembler // Overflow is checked outside the `need_check` block, so we don't need to check it here.
.emit_jmp(Condition::Carry, self.special_labels.heap_access_oob);
// unsigned overflow
} }
// Trap if the start address of the requested area is equal to or above that of the linear memory. // Trap if the start address of the requested area is equal to or above that of the linear memory.
@@ -1320,6 +1318,10 @@ impl<'a> FuncGen<'a> {
Location::Imm32(memarg.offset as u32), Location::Imm32(memarg.offset as u32),
Location::GPR(tmp_addr), Location::GPR(tmp_addr),
); );
// Trap if offset calculation overflowed.
self.assembler
.emit_jmp(Condition::Carry, self.special_labels.heap_access_oob);
} }
self.assembler self.assembler
.emit_add(Size::S64, Location::GPR(tmp_base), Location::GPR(tmp_addr)); .emit_add(Size::S64, Location::GPR(tmp_base), Location::GPR(tmp_addr));