diff --git a/interpreter/binary/decode.ml b/interpreter/binary/decode.ml index fa3a0ef9e..43de4553b 100644 --- a/interpreter/binary/decode.ml +++ b/interpreter/binary/decode.ml @@ -220,7 +220,7 @@ let zero s = expect 0x00 s "zero byte expected" let memop s = let align = u32 s in - require (I32.le_u align 32l) s (pos s - 1) "malformed memop flags"; + require (I32.lt_u align 32l) s (pos s - 1) "malformed memop flags"; let offset = u32 s in Int32.to_int align, offset diff --git a/test/core/align.wast b/test/core/align.wast index 93064649d..7753df8de 100644 --- a/test/core/align.wast +++ b/test/core/align.wast @@ -864,3 +864,120 @@ (assert_trap (invoke "store" (i32.const 65532) (i64.const -1)) "out of bounds memory access") ;; No memory was changed (assert_return (invoke "load" (i32.const 65532)) (i32.const 0)) + +;; Test invalid alignment values that may cause overflow when parsed. +;; These use the binary format, because it stores alignment as a base-2 exponent. + +;; Signed 32-bit overflow +(assert_invalid + (module binary + "\00asm" "\01\00\00\00" + "\01\04\01\60\00\00" ;; Type section: 1 type + "\03\02\01\00" ;; Function section: 1 function + "\05\03\01\00\01" ;; Memory section: 1 memory + "\0a\0a\01" ;; Code section: 1 function + + ;; function 0 + "\08\00" + "\41\00" ;; i32.const 0 + "\28\1f\00" ;; i32.load offset=0 align=2**31 + "\1a" ;; drop + "\0b" ;; end + ) + "alignment must not be larger than natural" +) + +;; Unsigned 32-bit overflow +(assert_malformed + (module binary + "\00asm" "\01\00\00\00" + "\01\04\01\60\00\00" ;; Type section: 1 type + "\03\02\01\00" ;; Function section: 1 function + "\05\03\01\00\01" ;; Memory section: 1 memory + "\0a\0a\01" ;; Code section: 1 function + + ;; function 0 + "\08\00" + "\41\00" ;; i32.const 0 + "\28\20\00" ;; i32.load offset=0 align=2**32 + "\1a" ;; drop + "\0b" ;; end + ) + "malformed memop flags" +) + +;; 32-bit out of range +(assert_malformed + (module binary + "\00asm" "\01\00\00\00" + "\01\04\01\60\00\00" ;; Type section: 1 type + "\03\02\01\00" ;; Function section: 1 function + "\05\03\01\00\01" ;; Memory section: 1 memory + "\0a\0a\01" ;; Code section: 1 function + + ;; function 0 + "\08\00" + "\41\00" ;; i32.const 0 + "\28\21\00" ;; i32.load offset=0 align=2**33 + "\1a" ;; drop + "\0b" ;; end + ) + "malformed memop flags" +) + +;; Signed 64-bit overflow +(assert_malformed + (module binary + "\00asm" "\01\00\00\00" + "\01\04\01\60\00\00" ;; Type section: 1 type + "\03\02\01\00" ;; Function section: 1 function + "\05\03\01\00\01" ;; Memory section: 1 memory + "\0a\0a\01" ;; Code section: 1 function + + ;; function 0 + "\08\00" + "\41\00" ;; i32.const 0 + "\28\3f\00" ;; i32.load offset=0 align=2**63 + "\1a" ;; drop + "\0b" ;; end + ) + "malformed memop flags" +) + +;; Unsigned 64-bit overflow +(assert_malformed + (module binary + "\00asm" "\01\00\00\00" + "\01\04\01\60\00\00" ;; Type section: 1 type + "\03\02\01\00" ;; Function section: 1 function + "\05\03\01\00\01" ;; Memory section: 1 memory + "\0a\0a\01" ;; Code section: 1 function + + ;; function 0 + "\08\00" + "\41\00" ;; i32.const 0 + "\28\40\00" ;; i32.load offset=0 align=2**64 + "\1a" ;; drop + "\0b" ;; end + ) + "malformed memop flags" +) + +;; 64-bit out of range +(assert_malformed + (module binary + "\00asm" "\01\00\00\00" + "\01\04\01\60\00\00" ;; Type section: 1 type + "\03\02\01\00" ;; Function section: 1 function + "\05\03\01\00\01" ;; Memory section: 1 memory + "\0a\0a\01" ;; Code section: 1 function + + ;; function 0 + "\08\00" + "\41\00" ;; i32.const 0 + "\28\41\00" ;; i32.load offset=0 align=2**65 + "\1a" ;; drop + "\0b" ;; end + ) + "malformed memop flags" +)