Fix threads opcodes' boundary check in classic-interp and fast-interp (
…bytecodealliance#3136)

Using `CHECK_BULK_MEMORY_OVERFLOW(addr + offset, n, maddr)` to do the
boundary check may encounter integer overflow in `addr + offset`. Change to
use `CHECK_MEMORY_OVERFLOW(n)` instead, which converts `addr` and `offset`
to uint64 first and then adds them, avoiding the integer overflow.
TianlongLiang authored Feb 6, 2024
1 parent 022f01f commit df856bb
Showing 2 changed files with 65 additions and 65 deletions.
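--- a/core/iwasm/interpreter/wasm_interp_classic.c
+++ b/core/iwasm/interpreter/wasm_interp_classic.c
@@ -728,7 +728,7 @@ trunc_f64_to_int(WASMModuleInstance *module, uint32 *frame_sp, float64 src_min,
 addr = POP_I32(); \
 \
 if (opcode == WASM_OP_ATOMIC_RMW_I32_##OP_NAME##8_U) { \
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 1, maddr); \
+CHECK_MEMORY_OVERFLOW(1); \
 CHECK_ATOMIC_MEMORY_ACCESS(); \
 \
 shared_memory_lock(memory); \
@@ -737,7 +737,7 @@ trunc_f64_to_int(WASMModuleInstance *module, uint32 *frame_sp, float64 src_min,
 shared_memory_unlock(memory); \
 } \
 else if (opcode == WASM_OP_ATOMIC_RMW_I32_##OP_NAME##16_U) { \
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 2, maddr); \
+CHECK_MEMORY_OVERFLOW(2); \
 CHECK_ATOMIC_MEMORY_ACCESS(); \
 \
 shared_memory_lock(memory); \
@@ -746,7 +746,7 @@ trunc_f64_to_int(WASMModuleInstance *module, uint32 *frame_sp, float64 src_min,
 shared_memory_unlock(memory); \
 } \
 else { \
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 4, maddr); \
+CHECK_MEMORY_OVERFLOW(4); \
 CHECK_ATOMIC_MEMORY_ACCESS(); \
 \
 shared_memory_lock(memory); \
@@ -768,7 +768,7 @@ trunc_f64_to_int(WASMModuleInstance *module, uint32 *frame_sp, float64 src_min,
 addr = POP_I32(); \
 \
 if (opcode == WASM_OP_ATOMIC_RMW_I64_##OP_NAME##8_U) { \
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 1, maddr); \
+CHECK_MEMORY_OVERFLOW(1); \
 CHECK_ATOMIC_MEMORY_ACCESS(); \
 \
 shared_memory_lock(memory); \
@@ -777,7 +777,7 @@ trunc_f64_to_int(WASMModuleInstance *module, uint32 *frame_sp, float64 src_min,
 shared_memory_unlock(memory); \
 } \
 else if (opcode == WASM_OP_ATOMIC_RMW_I64_##OP_NAME##16_U) { \
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 2, maddr); \
+CHECK_MEMORY_OVERFLOW(2); \
 CHECK_ATOMIC_MEMORY_ACCESS(); \
 \
 shared_memory_lock(memory); \
@@ -786,7 +786,7 @@ trunc_f64_to_int(WASMModuleInstance *module, uint32 *frame_sp, float64 src_min,
 shared_memory_unlock(memory); \
 } \
 else if (opcode == WASM_OP_ATOMIC_RMW_I64_##OP_NAME##32_U) { \
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 4, maddr); \
+CHECK_MEMORY_OVERFLOW(4); \
 CHECK_ATOMIC_MEMORY_ACCESS(); \
 \
 shared_memory_lock(memory); \
@@ -796,7 +796,7 @@ trunc_f64_to_int(WASMModuleInstance *module, uint32 *frame_sp, float64 src_min,
 } \
 else { \
 uint64 op_result; \
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 8, maddr); \
+CHECK_MEMORY_OVERFLOW(8); \
 CHECK_ATOMIC_MEMORY_ACCESS(); \
 \
 shared_memory_lock(memory); \
@@ -3864,7 +3864,7 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 
 notify_count = POP_I32();
 addr = POP_I32();
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 4, maddr);
+CHECK_MEMORY_OVERFLOW(4);
 CHECK_ATOMIC_MEMORY_ACCESS();
 
 ret = wasm_runtime_atomic_notify(
@@ -3884,7 +3884,7 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 timeout = POP_I64();
 expect = POP_I32();
 addr = POP_I32();
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 4, maddr);
+CHECK_MEMORY_OVERFLOW(4);
 CHECK_ATOMIC_MEMORY_ACCESS();
 
 ret = wasm_runtime_atomic_wait(
@@ -3908,7 +3908,7 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 timeout = POP_I64();
 expect = POP_I64();
 addr = POP_I32();
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 8, maddr);
+CHECK_MEMORY_OVERFLOW(8);
 CHECK_ATOMIC_MEMORY_ACCESS();
 
 ret = wasm_runtime_atomic_wait(
@@ -3941,21 +3941,21 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 addr = POP_I32();
 
 if (opcode == WASM_OP_ATOMIC_I32_LOAD8_U) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 1, maddr);
+CHECK_MEMORY_OVERFLOW(1);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 readv = (uint32)(*(uint8 *)maddr);
 shared_memory_unlock(memory);
 }
 else if (opcode == WASM_OP_ATOMIC_I32_LOAD16_U) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 2, maddr);
+CHECK_MEMORY_OVERFLOW(2);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 readv = (uint32)LOAD_U16(maddr);
 shared_memory_unlock(memory);
 }
 else {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 4, maddr);
+CHECK_MEMORY_OVERFLOW(4);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 readv = LOAD_I32(maddr);
@@ -3976,28 +3976,28 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 addr = POP_I32();
 
 if (opcode == WASM_OP_ATOMIC_I64_LOAD8_U) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 1, maddr);
+CHECK_MEMORY_OVERFLOW(1);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 readv = (uint64)(*(uint8 *)maddr);
 shared_memory_unlock(memory);
 }
 else if (opcode == WASM_OP_ATOMIC_I64_LOAD16_U) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 2, maddr);
+CHECK_MEMORY_OVERFLOW(2);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 readv = (uint64)LOAD_U16(maddr);
 shared_memory_unlock(memory);
 }
 else if (opcode == WASM_OP_ATOMIC_I64_LOAD32_U) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 4, maddr);
+CHECK_MEMORY_OVERFLOW(4);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 readv = (uint64)LOAD_U32(maddr);
 shared_memory_unlock(memory);
 }
 else {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 8, maddr);
+CHECK_MEMORY_OVERFLOW(8);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 readv = LOAD_I64(maddr);
@@ -4018,21 +4018,21 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 addr = POP_I32();
 
 if (opcode == WASM_OP_ATOMIC_I32_STORE8) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 1, maddr);
+CHECK_MEMORY_OVERFLOW(1);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 *(uint8 *)maddr = (uint8)sval;
 shared_memory_unlock(memory);
 }
 else if (opcode == WASM_OP_ATOMIC_I32_STORE16) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 2, maddr);
+CHECK_MEMORY_OVERFLOW(2);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 STORE_U16(maddr, (uint16)sval);
 shared_memory_unlock(memory);
 }
 else {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 4, maddr);
+CHECK_MEMORY_OVERFLOW(4);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 STORE_U32(maddr, sval);
@@ -4052,28 +4052,28 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 addr = POP_I32();
 
 if (opcode == WASM_OP_ATOMIC_I64_STORE8) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 1, maddr);
+CHECK_MEMORY_OVERFLOW(1);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 *(uint8 *)maddr = (uint8)sval;
 shared_memory_unlock(memory);
 }
 else if (opcode == WASM_OP_ATOMIC_I64_STORE16) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 2, maddr);
+CHECK_MEMORY_OVERFLOW(2);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 STORE_U16(maddr, (uint16)sval);
 shared_memory_unlock(memory);
 }
 else if (opcode == WASM_OP_ATOMIC_I64_STORE32) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 4, maddr);
+CHECK_MEMORY_OVERFLOW(4);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 STORE_U32(maddr, (uint32)sval);
 shared_memory_unlock(memory);
 }
 else {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 8, maddr);
+CHECK_MEMORY_OVERFLOW(8);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 PUT_I64_TO_ADDR((uint32 *)maddr, sval);
@@ -4093,7 +4093,7 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 addr = POP_I32();
 
 if (opcode == WASM_OP_ATOMIC_RMW_I32_CMPXCHG8_U) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 1, maddr);
+CHECK_MEMORY_OVERFLOW(1);
 CHECK_ATOMIC_MEMORY_ACCESS();
 
 expect = (uint8)expect;
@@ -4104,7 +4104,7 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 shared_memory_unlock(memory);
 }
 else if (opcode == WASM_OP_ATOMIC_RMW_I32_CMPXCHG16_U) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 2, maddr);
+CHECK_MEMORY_OVERFLOW(2);
 CHECK_ATOMIC_MEMORY_ACCESS();
 
 expect = (uint16)expect;
@@ -4115,7 +4115,7 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 shared_memory_unlock(memory);
 }
 else {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 4, maddr);
+CHECK_MEMORY_OVERFLOW(4);
 CHECK_ATOMIC_MEMORY_ACCESS();
 
 shared_memory_lock(memory);
@@ -4139,7 +4139,7 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 addr = POP_I32();
 
 if (opcode == WASM_OP_ATOMIC_RMW_I64_CMPXCHG8_U) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 1, maddr);
+CHECK_MEMORY_OVERFLOW(1);
 CHECK_ATOMIC_MEMORY_ACCESS();
 
 expect = (uint8)expect;
@@ -4150,7 +4150,7 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 shared_memory_unlock(memory);
 }
 else if (opcode == WASM_OP_ATOMIC_RMW_I64_CMPXCHG16_U) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 2, maddr);
+CHECK_MEMORY_OVERFLOW(2);
 CHECK_ATOMIC_MEMORY_ACCESS();
 
 expect = (uint16)expect;
@@ -4161,7 +4161,7 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 shared_memory_unlock(memory);
 }
 else if (opcode == WASM_OP_ATOMIC_RMW_I64_CMPXCHG32_U) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 4, maddr);
+CHECK_MEMORY_OVERFLOW(4);
 CHECK_ATOMIC_MEMORY_ACCESS();
 
 expect = (uint32)expect;
@@ -4172,7 +4172,7 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 shared_memory_unlock(memory);
 }
 else {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 8, maddr);
+CHECK_MEMORY_OVERFLOW(8);
 CHECK_ATOMIC_MEMORY_ACCESS();
 
 shared_memory_lock(memory);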
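Review bot: None of the 31 rewritten checks in this file is backed by a regression test (the diffstat lists only two changed files, and the title names only the two interpreters), so nothing pins the case the commit message describes: an atomic access whose 32-bit `addr + offset` wraps and must be rejected as out of bounds. `addr` comes straight from the guest via `POP_I32()` and `offset` is presumably the instruction's immediate, so this check is the linear-memory boundary for every threads opcode; one wrapping-sum case per opcode family (load, store, RMW, cmpxchg, wait, notify), run in both classic-interp and fast-interp, would keep it from regressing. `CHECK_MEMORY_OVERFLOW(n)` no longer names its inputs at the call site, so I would add a comment at the first use in the RMW macro such as `/* CHECK_MEMORY_OVERFLOW reads addr and offset from scope, sums them as uint64 and sets maddr */`. Any remaining caller that passes a 32-bit sum to `CHECK_BULK_MEMORY_OVERFLOW` would presumably wrap the same way and is worth auditing; those call sites, and the start and end of the macro and function bodies these hunks sit in, are outside this page.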