Fix possible out of bounds read in string UTF8 conversion

This commit is contained in:
dcodeIO
2018-05-23 15:37:09 +02:00
parent 829af2285c
commit 51ede113dd
7 changed files with 687 additions and 658 deletions


@ -23,57 +23,39 @@
(set_local $1
(i32.const 1)
)
(block $break|0
(set_local $4
(i32.load
(get_local $0)
)
(set_local $4
(i32.load
(get_local $0)
)
(loop $loop|0
(br_if $break|0
(i32.ge_u
(get_local $2)
(get_local $4)
)
)
(loop $continue|0
(if
(i32.lt_u
(get_local $2)
(get_local $4)
)
(set_local $2
(if (result i32)
(i32.lt_u
(tee_local $3
(i32.load16_u offset=4
(i32.add
(get_local $0)
(i32.shl
(get_local $2)
(i32.const 1)
(block
(set_local $2
(if (result i32)
(i32.lt_u
(tee_local $3
(i32.load16_u offset=4
(i32.add
(get_local $0)
(i32.shl
(get_local $2)
(i32.const 1)
)
)
)
)
)
(i32.const 128)
)
(block (result i32)
(set_local $1
(i32.add
(get_local $1)
(i32.const 1)
)
)
(i32.add
(get_local $2)
(i32.const 1)
)
)
(if (result i32)
(i32.lt_u
(get_local $3)
(i32.const 2048)
(i32.const 128)
)
(block (result i32)
(set_local $1
(i32.add
(get_local $1)
(i32.const 2)
(i32.const 1)
)
)
(i32.add
@ -82,53 +64,15 @@
)
)
(if (result i32)
(if (result i32)
(tee_local $3
(i32.eq
(i32.and
(get_local $3)
(i32.const 64512)
)
(i32.const 55296)
)
)
(i32.eq
(i32.and
(i32.load16_u offset=4
(i32.add
(get_local $0)
(i32.shl
(i32.add
(get_local $2)
(i32.const 1)
)
(i32.const 1)
)
)
)
(i32.const 64512)
)
(i32.const 56320)
)
(i32.lt_u
(get_local $3)
(i32.const 2048)
)
(block (result i32)
(set_local $1
(i32.add
(get_local $1)
(i32.const 4)
)
)
(i32.add
(get_local $2)
(i32.const 2)
)
)
(block (result i32)
(set_local $1
(i32.add
(get_local $1)
(i32.const 3)
(i32.const 2)
)
)
(i32.add
@ -136,11 +80,79 @@
(i32.const 1)
)
)
(if (result i32)
(if (result i32)
(if (result i32)
(tee_local $3
(i32.eq
(i32.and
(get_local $3)
(i32.const 64512)
)
(i32.const 55296)
)
)
(tee_local $3
(i32.lt_u
(i32.add
(get_local $2)
(i32.const 1)
)
(get_local $4)
)
)
(get_local $3)
)
(i32.eq
(i32.and
(i32.load16_u offset=4
(i32.add
(get_local $0)
(i32.shl
(i32.add
(get_local $2)
(i32.const 1)
)
(i32.const 1)
)
)
)
(i32.const 64512)
)
(i32.const 56320)
)
(get_local $3)
)
(block (result i32)
(set_local $1
(i32.add
(get_local $1)
(i32.const 4)
)
)
(i32.add
(get_local $2)
(i32.const 2)
)
)
(block (result i32)
(set_local $1
(i32.add
(get_local $1)
(i32.const 3)
)
)
(i32.add
(get_local $2)
(i32.const 1)
)
)
)
)
)
)
(br $continue|0)
)
(br $loop|0)
)
)
(get_local $1)
@ -249,268 +261,270 @@
)
)
)
(block $break|0
(set_local $6
(i32.load
(get_local $0)
)
(set_local $7
(i32.load
(get_local $0)
)
(loop $loop|0
(block $continue|0
(br_if $break|0
(i32.ge_u
(get_local $2)
(get_local $6)
)
)
(set_local $3
(if (result i32)
(i32.lt_u
(tee_local $1
(i32.load16_u offset=4
(i32.add
(get_local $0)
(i32.shl
(get_local $2)
(i32.const 1)
)
)
(loop $continue|0
(if
(i32.lt_u
(get_local $3)
(get_local $7)
)
(block
(if
(i32.lt_u
(tee_local $1
(i32.load16_u offset=4
(i32.add
(get_local $0)
(i32.shl
(get_local $3)
(i32.const 1)
)
)
)
(i32.const 128)
)
(block (result i32)
(i32.const 128)
)
(block
(i32.store8
(i32.add
(get_local $5)
(get_local $2)
)
(get_local $1)
)
(set_local $2
(i32.add
(get_local $2)
(i32.const 1)
)
)
)
(if
(i32.lt_u
(get_local $1)
(i32.const 2048)
)
(block
(i32.store8
(i32.add
(get_local $5)
(get_local $3)
(tee_local $4
(i32.add
(get_local $5)
(get_local $2)
)
)
(i32.or
(i32.shr_u
(get_local $1)
(i32.const 6)
)
(i32.const 192)
)
)
(i32.store8 offset=1
(get_local $4)
(i32.or
(i32.and
(get_local $1)
(i32.const 63)
)
(i32.const 128)
)
(get_local $1)
)
(set_local $2
(i32.add
(get_local $2)
(i32.const 1)
)
)
(i32.add
(get_local $3)
(i32.const 1)
)
)
(if (result i32)
(i32.lt_u
(get_local $1)
(i32.const 2048)
)
(block (result i32)
(i32.store8
(tee_local $4
(i32.add
(get_local $5)
(get_local $3)
)
)
(i32.or
(i32.shr_u
(get_local $1)
(i32.const 6)
)
(i32.const 192)
)
)
(i32.store8 offset=1
(get_local $4)
(i32.or
(i32.and
(get_local $1)
(i32.const 63)
)
(i32.const 128)
)
)
(set_local $2
(i32.add
(get_local $2)
(i32.const 1)
)
)
(i32.add
(get_local $3)
(i32.const 2)
)
)
(block (result i32)
(set_local $4
(i32.add
(get_local $5)
(get_local $3)
)
(block
(set_local $4
(i32.add
(get_local $5)
(get_local $2)
)
)
(if
(if (result i32)
(tee_local $6
(i32.eq
(i32.and
(get_local $1)
(i32.const 64512)
)
(i32.const 55296)
)
)
(i32.lt_u
(i32.add
(get_local $3)
(i32.const 1)
)
(get_local $7)
)
(get_local $6)
)
(if
(i32.eq
(i32.and
(get_local $1)
(i32.const 64512)
)
(i32.const 55296)
)
(if
(i32.eq
(i32.and
(tee_local $7
(i32.load16_u offset=4
(i32.add
(get_local $0)
(i32.shl
(i32.add
(get_local $2)
(i32.const 1)
)
(tee_local $6
(i32.load16_u offset=4
(i32.add
(get_local $0)
(i32.shl
(i32.add
(get_local $3)
(i32.const 1)
)
(i32.const 1)
)
)
)
(i32.const 64512)
)
(i32.const 56320)
(i32.const 64512)
)
(block
(i32.store8
(get_local $4)
(i32.or
(i32.shr_u
(tee_local $1
(i32.const 56320)
)
(block
(i32.store8
(get_local $4)
(i32.or
(i32.shr_u
(tee_local $1
(i32.add
(i32.add
(i32.add
(i32.shl
(i32.and
(get_local $1)
(i32.const 1023)
)
(i32.const 10)
(i32.shl
(i32.and
(get_local $1)
(i32.const 1023)
)
(i32.const 65536)
)
(i32.and
(get_local $7)
(i32.const 1023)
(i32.const 10)
)
(i32.const 65536)
)
(i32.and
(get_local $6)
(i32.const 1023)
)
)
(i32.const 18)
)
(i32.const 240)
(i32.const 18)
)
(i32.const 240)
)
(i32.store8 offset=1
(get_local $4)
(i32.or
(i32.and
(i32.shr_u
(get_local $1)
(i32.const 12)
)
(i32.const 63)
)
(i32.const 128)
)
)
(i32.store8 offset=2
(get_local $4)
(i32.or
(i32.and
(i32.shr_u
(get_local $1)
(i32.const 6)
)
(i32.const 63)
)
(i32.const 128)
)
)
(i32.store8 offset=3
(get_local $4)
(i32.or
(i32.and
(get_local $1)
(i32.const 63)
)
(i32.const 128)
)
)
(set_local $3
(i32.add
(get_local $3)
(i32.const 4)
)
)
(set_local $2
(i32.add
(get_local $2)
(i32.const 2)
)
)
(br $loop|0)
)
(i32.store8 offset=1
(get_local $4)
(i32.or
(i32.and
(i32.shr_u
(get_local $1)
(i32.const 12)
)
(i32.const 63)
)
(i32.const 128)
)
)
(i32.store8 offset=2
(get_local $4)
(i32.or
(i32.and
(i32.shr_u
(get_local $1)
(i32.const 6)
)
(i32.const 63)
)
(i32.const 128)
)
)
(i32.store8 offset=3
(get_local $4)
(i32.or
(i32.and
(get_local $1)
(i32.const 63)
)
(i32.const 128)
)
)
(set_local $2
(i32.add
(get_local $2)
(i32.const 4)
)
)
(set_local $3
(i32.add
(get_local $3)
(i32.const 2)
)
)
(br $continue|0)
)
)
(i32.store8
(get_local $4)
(i32.or
)
(i32.store8
(get_local $4)
(i32.or
(i32.shr_u
(get_local $1)
(i32.const 12)
)
(i32.const 224)
)
)
(i32.store8 offset=1
(get_local $4)
(i32.or
(i32.and
(i32.shr_u
(get_local $1)
(i32.const 12)
(i32.const 6)
)
(i32.const 224)
(i32.const 63)
)
(i32.const 128)
)
(i32.store8 offset=1
(get_local $4)
(i32.or
(i32.and
(i32.shr_u
(get_local $1)
(i32.const 6)
)
(i32.const 63)
)
(i32.const 128)
)
)
(i32.store8 offset=2
(get_local $4)
(i32.or
(i32.and
(get_local $1)
(i32.const 63)
)
(i32.const 128)
)
)
(set_local $2
(i32.add
(get_local $2)
(i32.const 1)
)
(i32.store8 offset=2
(get_local $4)
(i32.or
(i32.and
(get_local $1)
(i32.const 63)
)
(i32.const 128)
)
)
(set_local $2
(i32.add
(get_local $3)
(get_local $2)
(i32.const 3)
)
)
)
)
)
(set_local $3
(i32.add
(get_local $3)
(i32.const 1)
)
)
(br $continue|0)
)
(br $loop|0)
)
)
(i32.store8
(i32.add
(get_local $5)
(get_local $3)
(get_local $2)
)
(i32.const 0)
)


@ -29,68 +29,44 @@
(set_local $1
(i32.const 1)
)
(block $break|0
(block
(set_local $2
(i32.const 0)
)
(set_local $3
(i32.load
(get_local $0)
)
)
(set_local $2
(i32.const 0)
)
(set_local $3
(i32.load
(get_local $0)
)
(loop $loop|0
(block $continue|0
(br_if $break|0
(i32.eqz
(i32.lt_u
(get_local $2)
(get_local $3)
)
)
)
(block $break|0
(loop $continue|0
(if
(i32.lt_u
(get_local $2)
(get_local $3)
)
(block
(set_local $4
(i32.load16_u offset=4
(i32.add
(get_local $0)
(i32.shl
(get_local $2)
(i32.const 1)
)
)
)
)
(if
(i32.lt_u
(get_local $4)
(i32.const 128)
)
(block
(set_local $1
(block
(set_local $4
(i32.load16_u offset=4
(i32.add
(get_local $1)
(i32.const 1)
)
)
(set_local $2
(i32.add
(get_local $2)
(i32.const 1)
(get_local $0)
(i32.shl
(get_local $2)
(i32.const 1)
)
)
)
)
(if
(i32.lt_u
(get_local $4)
(i32.const 2048)
(i32.const 128)
)
(block
(set_local $1
(i32.add
(get_local $1)
(i32.const 2)
(i32.const 1)
)
)
(set_local $2
@ -101,57 +77,17 @@
)
)
(if
(if (result i32)
(tee_local $5
(i32.eq
(i32.and
(get_local $4)
(i32.const 64512)
)
(i32.const 55296)
)
)
(i32.eq
(i32.and
(i32.load16_u offset=4
(i32.add
(get_local $0)
(i32.shl
(i32.add
(get_local $2)
(i32.const 1)
)
(i32.const 1)
)
)
)
(i32.const 64512)
)
(i32.const 56320)
)
(get_local $5)
(i32.lt_u
(get_local $4)
(i32.const 2048)
)
(block
(set_local $1
(i32.add
(get_local $1)
(i32.const 4)
)
)
(set_local $2
(i32.add
(get_local $2)
(i32.const 2)
)
)
)
(block
(set_local $1
(i32.add
(get_local $1)
(i32.const 3)
)
)
(set_local $2
(i32.add
(get_local $2)
@ -159,13 +95,84 @@
)
)
)
(if
(if (result i32)
(tee_local $5
(if (result i32)
(tee_local $5
(i32.eq
(i32.and
(get_local $4)
(i32.const 64512)
)
(i32.const 55296)
)
)
(i32.lt_u
(i32.add
(get_local $2)
(i32.const 1)
)
(get_local $3)
)
(get_local $5)
)
)
(i32.eq
(i32.and
(i32.load16_u offset=4
(i32.add
(get_local $0)
(i32.shl
(i32.add
(get_local $2)
(i32.const 1)
)
(i32.const 1)
)
)
)
(i32.const 64512)
)
(i32.const 56320)
)
(get_local $5)
)
(block
(set_local $1
(i32.add
(get_local $1)
(i32.const 4)
)
)
(set_local $2
(i32.add
(get_local $2)
(i32.const 2)
)
)
)
(block
(set_local $1
(i32.add
(get_local $1)
(i32.const 3)
)
)
(set_local $2
(i32.add
(get_local $2)
(i32.const 1)
)
)
)
)
)
)
)
(br $continue|0)
)
)
(nop)
(br $loop|0)
)
)
(return
@ -290,116 +297,56 @@
(local $5 i32)
(local $6 i32)
(local $7 i32)
(local $8 i32)
(set_local $1
(call $~lib/string/String#get:lengthUTF8
(get_local $0)
(call $~lib/allocator/arena/allocate_memory
(call $~lib/string/String#get:lengthUTF8
(get_local $0)
)
)
)
(set_local $2
(call $~lib/allocator/arena/allocate_memory
(get_local $1)
)
(i32.const 0)
)
(set_local $3
(i32.load
(get_local $0)
)
)
(set_local $4
(i32.const 0)
)
(block $break|0
(block
(set_local $4
(i32.const 0)
)
(set_local $5
(i32.load
(get_local $0)
)
)
)
(loop $loop|0
(block $continue|0
(br_if $break|0
(i32.eqz
(i32.lt_u
(get_local $4)
(get_local $5)
)
)
(loop $continue|0
(if
(i32.lt_u
(get_local $2)
(get_local $3)
)
(block
(set_local $6
(i32.load16_u offset=4
(i32.add
(get_local $0)
(i32.shl
(get_local $4)
(i32.const 1)
)
)
)
)
(if
(i32.lt_u
(get_local $6)
(i32.const 128)
)
(block
(i32.store8
(block
(set_local $5
(i32.load16_u offset=4
(i32.add
(get_local $2)
(get_local $3)
)
(get_local $6)
)
(set_local $3
(i32.add
(get_local $3)
(i32.const 1)
)
)
(set_local $4
(i32.add
(get_local $4)
(i32.const 1)
(get_local $0)
(i32.shl
(get_local $2)
(i32.const 1)
)
)
)
)
(if
(i32.lt_u
(get_local $6)
(i32.const 2048)
(get_local $5)
(i32.const 128)
)
(block
(set_local $7
(i32.add
(get_local $2)
(get_local $3)
)
)
(i32.store8
(get_local $7)
(i32.or
(i32.shr_u
(get_local $6)
(i32.const 6)
)
(i32.const 192)
)
)
(i32.store8 offset=1
(get_local $7)
(i32.or
(i32.and
(get_local $6)
(i32.const 63)
)
(i32.const 128)
)
)
(set_local $3
(i32.add
(get_local $3)
(i32.const 2)
(get_local $1)
(get_local $4)
)
(get_local $5)
)
(set_local $4
(i32.add
@ -407,190 +354,253 @@
(i32.const 1)
)
)
)
(block
(set_local $7
(set_local $2
(i32.add
(get_local $2)
(get_local $3)
(i32.const 1)
)
)
(if
(i32.eq
(i32.and
(get_local $6)
(i32.const 64512)
)
(i32.const 55296)
)
(block
(set_local $8
(i32.load16_u offset=4
(i32.add
(get_local $0)
(i32.shl
(i32.add
(get_local $4)
(i32.const 1)
)
(i32.const 1)
)
)
)
)
(if
(i32.eq
(i32.and
(get_local $8)
(i32.const 64512)
)
(i32.const 56320)
)
(block
(set_local $6
(i32.add
(i32.add
(i32.const 65536)
(i32.shl
(i32.and
(get_local $6)
(i32.const 1023)
)
(i32.const 10)
)
)
(i32.and
(get_local $8)
(i32.const 1023)
)
)
)
(i32.store8
(get_local $7)
(i32.or
(i32.shr_u
(get_local $6)
(i32.const 18)
)
(i32.const 240)
)
)
(i32.store8 offset=1
(get_local $7)
(i32.or
(i32.and
(i32.shr_u
(get_local $6)
(i32.const 12)
)
(i32.const 63)
)
(i32.const 128)
)
)
(i32.store8 offset=2
(get_local $7)
(i32.or
(i32.and
(i32.shr_u
(get_local $6)
(i32.const 6)
)
(i32.const 63)
)
(i32.const 128)
)
)
(i32.store8 offset=3
(get_local $7)
(i32.or
(i32.and
(get_local $6)
(i32.const 63)
)
(i32.const 128)
)
)
(set_local $3
(i32.add
(get_local $3)
(i32.const 4)
)
)
(set_local $4
(i32.add
(get_local $4)
(i32.const 2)
)
)
(br $continue|0)
)
)
)
)
(if
(i32.lt_u
(get_local $5)
(i32.const 2048)
)
(i32.store8
(get_local $7)
(i32.or
(i32.shr_u
(get_local $6)
(i32.const 12)
(block
(set_local $6
(i32.add
(get_local $1)
(get_local $4)
)
(i32.const 224)
)
)
(i32.store8 offset=1
(get_local $7)
(i32.or
(i32.and
(i32.store8
(get_local $6)
(i32.or
(i32.shr_u
(get_local $6)
(get_local $5)
(i32.const 6)
)
(i32.const 63)
(i32.const 192)
)
(i32.const 128)
)
)
(i32.store8 offset=2
(get_local $7)
(i32.or
(i32.and
(get_local $6)
(i32.const 63)
(i32.store8 offset=1
(get_local $6)
(i32.or
(i32.and
(get_local $5)
(i32.const 63)
)
(i32.const 128)
)
)
(set_local $4
(i32.add
(get_local $4)
(i32.const 2)
)
)
(set_local $2
(i32.add
(get_local $2)
(i32.const 1)
)
(i32.const 128)
)
)
(set_local $3
(i32.add
(get_local $3)
(i32.const 3)
(block
(set_local $6
(i32.add
(get_local $1)
(get_local $4)
)
)
)
(set_local $4
(i32.add
(get_local $4)
(i32.const 1)
(if
(if (result i32)
(tee_local $7
(i32.eq
(i32.and
(get_local $5)
(i32.const 64512)
)
(i32.const 55296)
)
)
(i32.lt_u
(i32.add
(get_local $2)
(i32.const 1)
)
(get_local $3)
)
(get_local $7)
)
(block
(set_local $7
(i32.load16_u offset=4
(i32.add
(get_local $0)
(i32.shl
(i32.add
(get_local $2)
(i32.const 1)
)
(i32.const 1)
)
)
)
)
(if
(i32.eq
(i32.and
(get_local $7)
(i32.const 64512)
)
(i32.const 56320)
)
(block
(set_local $5
(i32.add
(i32.add
(i32.const 65536)
(i32.shl
(i32.and
(get_local $5)
(i32.const 1023)
)
(i32.const 10)
)
)
(i32.and
(get_local $7)
(i32.const 1023)
)
)
)
(i32.store8
(get_local $6)
(i32.or
(i32.shr_u
(get_local $5)
(i32.const 18)
)
(i32.const 240)
)
)
(i32.store8 offset=1
(get_local $6)
(i32.or
(i32.and
(i32.shr_u
(get_local $5)
(i32.const 12)
)
(i32.const 63)
)
(i32.const 128)
)
)
(i32.store8 offset=2
(get_local $6)
(i32.or
(i32.and
(i32.shr_u
(get_local $5)
(i32.const 6)
)
(i32.const 63)
)
(i32.const 128)
)
)
(i32.store8 offset=3
(get_local $6)
(i32.or
(i32.and
(get_local $5)
(i32.const 63)
)
(i32.const 128)
)
)
(set_local $4
(i32.add
(get_local $4)
(i32.const 4)
)
)
(set_local $2
(i32.add
(get_local $2)
(i32.const 2)
)
)
(br $continue|0)
)
)
)
)
(i32.store8
(get_local $6)
(i32.or
(i32.shr_u
(get_local $5)
(i32.const 12)
)
(i32.const 224)
)
)
(i32.store8 offset=1
(get_local $6)
(i32.or
(i32.and
(i32.shr_u
(get_local $5)
(i32.const 6)
)
(i32.const 63)
)
(i32.const 128)
)
)
(i32.store8 offset=2
(get_local $6)
(i32.or
(i32.and
(get_local $5)
(i32.const 63)
)
(i32.const 128)
)
)
(set_local $4
(i32.add
(get_local $4)
(i32.const 3)
)
)
(set_local $2
(i32.add
(get_local $2)
(i32.const 1)
)
)
)
)
)
)
(br $continue|0)
)
)
(nop)
(br $loop|0)
)
)
(i32.store8
(i32.add
(get_local $2)
(get_local $3)
(get_local $1)
(get_local $4)
)
(i32.const 0)
)
(return
(get_local $2)
(get_local $1)
)
)
(func $~lib/allocator/arena/free_memory (; 4 ;) (type $iv) (param $0 i32)


@ -980,7 +980,7 @@
(call $~lib/env/abort
(i32.const 0)
(i32.const 76)
(i32.const 524)
(i32.const 529)
(i32.const 10)
)
(unreachable)


@ -1159,7 +1159,7 @@
(call $~lib/env/abort
(i32.const 0)
(i32.const 76)
(i32.const 524)
(i32.const 529)
(i32.const 10)
)
(unreachable)