Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bring back Module::deserialize #2858

Merged
merged 3 commits into from
Apr 27, 2021
Merged

Bring back Module::deserialize #2858

merged 3 commits into from
Apr 27, 2021

Conversation

alexcrichton
Copy link
Member

I thought I was being clever suggesting that Module::deserialize was
removed from #2791 by funneling all module constructors into
Module::new. As our studious fuzzers have found, though, this means
that Module::new is not safe currently to pass arbitrary user-defined
input into. Now one might pretty reasonable expect to be able to do
that, however, being a WebAssembly engine and all. This PR as a result
separates the deserialize part of Module::new back into
Module::deserialize.

This means that binary blobs created with Module::serialize and
Engine::precompile_module will need to be passed to
Module::deserialize to "rehydrate" them back into a Module. This
restores the property that it should be safe to pass arbitrary input to
Module::new since it's always expected to be a wasm module. This also
means that fuzzing will no longer attempt to fuzz Module::deserialize
which isn't something we want to do anyway.

@alexcrichton
Bring back Module::deserialize
7742691 
I thought I was being clever suggesting that `Module::deserialize` was
removed from bytecodealliance#2791 by funneling all module constructors into
`Module::new`. As our studious fuzzers have found, though, this means
that `Module::new` is not safe currently to pass arbitrary user-defined
input into. Now one might pretty reasonable expect to be able to do
that, however, being a WebAssembly engine and all. This PR as a result
separates the `deserialize` part of `Module::new` back into
`Module::deserialize`.

This means that binary blobs created with `Module::serialize` and
`Engine::precompile_module` will need to be passed to
`Module::deserialize` to "rehydrate" them back into a `Module`. This
restores the property that it should be safe to pass arbitrary input to
`Module::new` since it's always expected to be a wasm module. This also
means that fuzzing will no longer attempt to fuzz `Module::deserialize`
which isn't something we want to do anyway.
@github-actions github-actions bot added wasmtime:api Related to the API of the `wasmtime` crate itself wasmtime:c-api Issues pertaining to the C API. labels Apr 26, 2021
@github-actions
Copy link

Subscribe to Label Action

cc @peterhuene

This issue or pull request has been labeled: "wasmtime:api", "wasmtime:c-api"

Thus the following users have been cc'd because of the following labels:

  • peterhuene: wasmtime:api, wasmtime:c-api

To subscribe or unsubscribe from this label, edit the .github/subscribe-to-label.json configuration file.

Learn more.

@alexcrichton alexcrichton merged commit 8384f3a into bytecodealliance:main Apr 27, 2021
@alexcrichton alexcrichton deleted the bring-back-deserialize branch April 27, 2021 15:55
mchesser pushed a commit to mchesser/wasmtime that referenced this pull request May 24, 2021
@alexcrichton @mchesser
Bring back Module::deserialize (bytecodealliance#2858)
0517bb4 
* Bring back `Module::deserialize`

I thought I was being clever suggesting that `Module::deserialize` was
removed from bytecodealliance#2791 by funneling all module constructors into
`Module::new`. As our studious fuzzers have found, though, this means
that `Module::new` is not safe currently to pass arbitrary user-defined
input into. Now one might pretty reasonable expect to be able to do
that, however, being a WebAssembly engine and all. This PR as a result
separates the `deserialize` part of `Module::new` back into
`Module::deserialize`.

This means that binary blobs created with `Module::serialize` and
`Engine::precompile_module` will need to be passed to
`Module::deserialize` to "rehydrate" them back into a `Module`. This
restores the property that it should be safe to pass arbitrary input to
`Module::new` since it's always expected to be a wasm module. This also
means that fuzzing will no longer attempt to fuzz `Module::deserialize`
which isn't something we want to do anyway.

* Fix an example

* Mark `Module::deserialize` as `unsafe`
@peterhuene peterhuene mentioned this pull request Sep 13, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@peterhuene peterhuene peterhuene approved these changes

@fitzgen fitzgen fitzgen left review comments

Assignees
No one assigned
Labels
wasmtime:api Related to the API of the `wasmtime` crate itself wasmtime:c-api Issues pertaining to the C API.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@alexcrichton @fitzgen @peterhuene