Interpreter: Add a limit to how much we try to grow memory, to avoid DOS (#3227)

kripken · web-flow · commit 5ae1724add80 · 2020-10-12T17:11:30.000-07:00
growMemory() now also returns whether we succeeded.

Without this it could eventually start to swap etc., which is annoying.
diff --git a/src/shell-interface.h b/src/shell-interface.h
@@ -217,8 +217,14 @@ struct ShellExternalInterface : ModuleInstance::ExternalInterface {
 
   void tableStore(Address addr, Name entry) override { table[addr] = entry; }
 
-  void growMemory(Address /*oldSize*/, Address newSize) override {
+  bool growMemory(Address /*oldSize*/, Address newSize) override {
+    // Apply a reasonable limit on memory size, 1GB, to avoid DOS on the
+    // interpreter.
+    if (newSize > 1024 * 1024 * 1024) {
+      return false;
+    }
     memory.resize(newSize);
+    return true;
   }
 
   void trap(const char* why) override {
diff --git a/src/tools/wasm-ctor-eval.cpp b/src/tools/wasm-ctor-eval.cpp
@@ -283,7 +283,7 @@ struct CtorEvalExternalInterface : EvallingModuleInstance::ExternalInterface {
   // called during initialization, but we don't keep track of a table
   void tableStore(Address addr, Name value) override {}
 
-  void growMemory(Address /*oldSize*/, Address newSize) override {
+  bool growMemory(Address /*oldSize*/, Address newSize) override {
     throw FailToEvalException("grow memory");
   }
 
diff --git a/src/wasm-interpreter.h b/src/wasm-interpreter.h
@@ -1685,7 +1685,7 @@ template<typename GlobalManager, typename SubType> class ModuleInstanceBase {
                                LiteralList& arguments,
                                Type result,
                                SubType& instance) = 0;
-    virtual void growMemory(Address oldSize, Address newSize) = 0;
+    virtual bool growMemory(Address oldSize, Address newSize) = 0;
     virtual void trap(const char* why) = 0;
     virtual void throwException(Literal exnref) = 0;
 
@@ -2406,8 +2406,13 @@ template<typename GlobalManager, typename SubType> class ModuleInstanceBase {
       if (newSize > instance.wasm.memory.max) {
         return fail;
       }
-      instance.externalInterface->growMemory(
-        instance.memorySize * Memory::kPageSize, newSize * Memory::kPageSize);
+      if (!instance.externalInterface->growMemory(
+            instance.memorySize * Memory::kPageSize,
+            newSize * Memory::kPageSize)) {
+        // We failed to grow the memory in practice, even though it was valid
+        // to try to do so.
+        return fail;
+      }
       instance.memorySize = newSize;
       return ret;
     }

Original file line number	Diff line number	Diff line change
`@@ -283,7 +283,7 @@ struct CtorEvalExternalInterface : EvallingModuleInstance::ExternalInterface {`
`283`	`283`	`// called during initialization, but we don't keep track of a table`
`284`	`284`	`void tableStore(Address addr, Name value) override {}`
`285`	`285`
`286`		`- void growMemory(Address /oldSize/, Address newSize) override {`
	`286`	`+ bool growMemory(Address /oldSize/, Address newSize) override {`
`287`	`287`	`throw FailToEvalException("grow memory");`
`288`	`288`	`}`
`289`	`289`