Browse Source
Fail module translation for segments with overflowing offset+length.
This commit fails translation of modules that have an segment offset, when
added to the data length, overflows.
pull/2518/head
Peter Huene
4 years ago
No known key found for this signature in database
GPG Key ID: 1DD33E128C1F90D2
1 changed files with
12 additions and
0 deletions
-
cranelift/wasm/src/sections_translator.rs
|
|
|
@ -401,6 +401,12 @@ pub fn parse_element_section<'data>( |
|
|
|
)); |
|
|
|
} |
|
|
|
}; |
|
|
|
// Check for offset + len overflow
|
|
|
|
if offset.checked_add(segments.len()).is_none() { |
|
|
|
return Err(wasm_unsupported!( |
|
|
|
"element segment offset and length overflows" |
|
|
|
)); |
|
|
|
} |
|
|
|
environ.declare_table_elements( |
|
|
|
TableIndex::from_u32(table_index), |
|
|
|
base, |
|
|
|
@ -447,6 +453,12 @@ pub fn parse_data_section<'data>( |
|
|
|
)) |
|
|
|
} |
|
|
|
}; |
|
|
|
// Check for offset + len overflow
|
|
|
|
if offset.checked_add(data.len()).is_none() { |
|
|
|
return Err(wasm_unsupported!( |
|
|
|
"data segment offset and length overflows" |
|
|
|
)); |
|
|
|
} |
|
|
|
environ.declare_data_initialization( |
|
|
|
MemoryIndex::from_u32(memory_index), |
|
|
|
base, |
|
|
|
|
