fluencelabs/wasmer
1
0
Fork 0
mirror of https://github.com/fluencelabs/wasmer synced 2025-06-27 23:51:33 +00:00
Code Issues Projects Releases Wiki Activity

fix(interface-types) Avoid integer overflows in string instructions.

Browse Source
This commit is contained in:
Ivan Enderlin
2020-03-26 08:27:51 +01:00
parent 0e70e538cc
commit 86b545fd49
1 changed files with 26 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
lib/interface-types/src/interpreter/instructions/strings.rs
View File

@ -10,7 +10,7 @@ use crate::{
Instruction, Instruction,
}, },
}; };
use std::cell::Cell; use std::{cell::Cell, convert::TryInto};
executable_instruction!( executable_instruction!(
string_lift_memory(instruction: Instruction) -> _ { string_lift_memory(instruction: Instruction) -> _ {
@ -23,7 +23,6 @@ executable_instruction!(
})?; })?;
let memory_index: u32 = 0; let memory_index: u32 = 0;
let memory = runtime let memory = runtime
.wasm_instance .wasm_instance
.memory(memory_index as usize) .memory(memory_index as usize)
@ -34,8 +33,18 @@ executable_instruction!(
) )
})?; })?;
let pointer = to_native::<i32>(&inputs[0], instruction)? as usize; let pointer: usize = to_native::<i32>(&inputs[0], instruction)?.try_into().map_err(|_| {
let length = to_native::<i32>(&inputs[1], instruction)? as usize; InstructionError::new(
instruction,
InstructionErrorKind::NegativeValue { subject: "pointer" },
)
})?;
let length: usize = to_native::<i32>(&inputs[1], instruction)?.try_into().map_err(|_| {
InstructionError::new(
instruction,
InstructionErrorKind::NegativeValue { subject: "length" },
)
})?;
let memory_view = memory.view(); let memory_view = memory.view();
if length == 0 { if length == 0 {
@ -102,7 +111,12 @@ executable_instruction!(
let string: String = to_native(&string, instruction)?; let string: String = to_native(&string, instruction)?;
let string_bytes = string.as_bytes(); let string_bytes = string.as_bytes();
let string_length = string_bytes.len() as i32; let string_length: i32 = string_bytes.len().try_into().map_err(|_| {
InstructionError::new(
instruction,
InstructionErrorKind::NegativeValue { subject: "string_length" },
)
})?;
let outputs = allocator.call(&[InterfaceValue::I32(string_length)]).map_err(|_| { let outputs = allocator.call(&[InterfaceValue::I32(string_length)]).map_err(|_| {
InstructionError::new( InstructionError::new(
@ -110,7 +124,12 @@ executable_instruction!(
InstructionErrorKind::LocalOrImportCall { function_index: allocator_index }, InstructionErrorKind::LocalOrImportCall { function_index: allocator_index },
) )
})?; })?;
let string_pointer: i32 = to_native(&outputs[0], instruction)?; let string_pointer: u32 = to_native::<i32>(&outputs[0], instruction)?.try_into().map_err(|_| {
InstructionError::new(
instruction,
InstructionErrorKind::NegativeValue { subject: "string_pointer" },
)
})?;
let memory_index: u32 = 0; let memory_index: u32 = 0;
let memory_view = instance let memory_view = instance
@ -127,7 +146,7 @@ executable_instruction!(
memory_view[string_pointer as usize + nth].set(*byte); memory_view[string_pointer as usize + nth].set(*byte);
} }
runtime.stack.push(InterfaceValue::I32(string_pointer)); runtime.stack.push(InterfaceValue::I32(string_pointer as i32));
runtime.stack.push(InterfaceValue::I32(string_length)); runtime.stack.push(InterfaceValue::I32(string_length));
Ok(()) Ok(())