
Commit 231b1c2

Merge #809
809: Fix issue 800 - check index before accessing imports.globals r=syrusakbary a=pventuzelo # Description Fix issue #800 * Check if `import_global_index` is valid, i.e. inside the `imports.globals` range. * Related functions: * validate_memories * validate_tables * finalize_memories * finalize_tables # After the fix ``` sh $ ./target/release/wasmer run index_oob_LocalBacking_validate_memories_152.wasm execute_wasm: "Can\'t instantiate module: LinkError([Generic { message: \"incorrect global index for initializer\" }])" -------------------------------------------------------------------------------------------------------- $ ./target/release/wasmer run index_oob_LocalBacking_validate_tables_276.wasm execute_wasm: "Can\'t instantiate module: LinkError([Generic { message: \"incorrect global index for initializer\" }])" ``` # Review - [x] Create a short description of the change in the CHANGELOG.md file Co-authored-by: Patrick Ventuzelo <ventuzelo.patrick@gmail.com> Co-authored-by: Patrick Ventuzelo <9038181+pventuzelo@users.noreply.github.com>
2 parents 7bf306e + b45a228 commit 231b1c2


2 files changed

+21
-0
lines changed


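--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@ Blocks of changes will separated by version increments.
 
 ## **[Unreleased]**
 
+- [#809](https://github.com/wasmerio/wasmer/pull/809) Fix bugs leading to panics in `LocalBacking`.
 - [#822](https://github.com/wasmerio/wasmer/pull/822) Update Cranelift fork version to `0.43.1`
 - [#829](https://github.com/wasmerio/wasmer/pull/829) Fix deps on `make bench-*` commands; benchmarks don't compile other backends now
 - [#807](https://github.com/wasmerio/wasmer/pull/807) Implement Send for `Instance`, breaking change on `ImportObject`, remove method `get_namespace` replaced with `with_namespace` and `maybe_with_namespace`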

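--- a/lib/runtime-core/src/backing.rs
+++ b/lib/runtime-core/src/backing.rs
@@ -152,6 +152,11 @@ impl LocalBacking {
 }]);
 }
 Initializer::GetGlobal(import_global_index) => {
+if import_global_index.index() >= imports.globals.len() {
+return Err(vec![LinkError::Generic {
+message: "incorrect global index for initializer".to_string(),
+}]);
+}
 if let Value::I32(x) = imports.globals[import_global_index].get() {
 x as u32
 } else {
@@ -208,6 +213,11 @@ impl LocalBacking {
 }]);
 }
 Initializer::GetGlobal(import_global_index) => {
+if import_global_index.index() >= imports.globals.len() {
+return Err(vec![LinkError::Generic {
+message: "incorrect global index for initializer".to_string(),
+}]);
+}
 if let Value::I32(x) = imports.globals[import_global_index].get() {
 x as u32
 } else {
@@ -276,6 +286,11 @@ impl LocalBacking {
 }]);
 }
 Initializer::GetGlobal(import_global_index) => {
+if import_global_index.index() >= imports.globals.len() {
+return Err(vec![LinkError::Generic {
+message: "incorrect global index for initializer".to_string(),
+}]);
+}
 if let Value::I32(x) = imports.globals[import_global_index].get() {
 x as u32
 } else {
@@ -329,6 +344,11 @@ impl LocalBacking {
 }]);
 }
 Initializer::GetGlobal(import_global_index) => {
+if import_global_index.index() >= imports.globals.len() {
+return Err(vec![LinkError::Generic {
+message: "incorrect global index for initializer".to_string(),
+}]);
+}
 if let Value::I32(x) = imports.globals[import_global_index].get() {
 x as u32
 } else {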
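Review bot: The same five-line bounds guard is pasted into all four `Initializer::GetGlobal` arms (new lines 155, 216, 289 and 347), so any later site that indexes `imports.globals` with a module-supplied index can miss it; moving the check and the `Value::I32` match into one private helper that returns the offset or the `LinkError` would keep the handling of the untrusted index in a single place. The error text also drops the offending value, and `message: format!("incorrect global index {} for initializer", import_global_index.index()),` would make a rejected module easier to triage. The commit touches only CHANGELOG.md and backing.rs, so the two crashing modules named in the description are not added as regression tests. Each arm sits in a function whose start and end are outside the hunks, so whether the offset is range-checked after `x as u32` cannot be confirmed from here.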
