Fix segment fault in API BinaryenModuleParse (#5440) (#5441)

Changqing-JING · web-flow · commit 992584fadfdd · 2023-01-20T16:11:06.000Z
We cannot modify the input string safely. To avoid that, copy where needed. Fixes #5440
diff --git a/src/binaryen-c.cpp b/src/binaryen-c.cpp
@@ -5453,7 +5453,7 @@ void BinaryenModuleSetFeatures(BinaryenModuleRef module,
 BinaryenModuleRef BinaryenModuleParse(const char* text) {
   auto* wasm = new Module;
   try {
-    SExpressionParser parser(const_cast<char*>(text));
+    SExpressionParser parser(text);
     Element& root = *parser.root;
     SExpressionWasmBuilder builder(*wasm, *root[0], IRProfile::Normal);
   } catch (ParseException& p) {
diff --git a/src/wasm-s-parser.h b/src/wasm-s-parser.h
@@ -91,16 +91,16 @@ class Element {
 // Generic S-Expression parsing into lists
 //
 class SExpressionParser {
-  char* input;
+  const char* input;
   size_t line;
-  char* lineStart;
+  char const* lineStart;
   SourceLocation* loc = nullptr;
 
   MixedArena allocator;
 
 public:
   // Assumes control of and modifies the input.
-  SExpressionParser(char* input);
+  SExpressionParser(const char* input);
   Element* root;
 
 private:
diff --git a/src/wasm/wasm-s-parser.cpp b/src/wasm/wasm-s-parser.cpp
@@ -140,7 +140,7 @@ void Element::dump() {
   std::cout << "dumping " << this << " : " << *this << ".\n";
 }
 
-SExpressionParser::SExpressionParser(char* input) : input(input) {
+SExpressionParser::SExpressionParser(char const* input) : input(input) {
   root = nullptr;
   line = 1;
   lineStart = input;
@@ -190,23 +190,23 @@ Element* SExpressionParser::parse() {
 
 void SExpressionParser::parseDebugLocation() {
   // Extracting debug location (if valid)
-  char* debugLoc = input + 3; // skipping ";;@"
+  char const* debugLoc = input + 3; // skipping ";;@"
   while (debugLoc[0] && debugLoc[0] == ' ') {
     debugLoc++;
   }
-  char* debugLocEnd = debugLoc;
+  char const* debugLocEnd = debugLoc;
   while (debugLocEnd[0] && debugLocEnd[0] != '\n') {
     debugLocEnd++;
   }
-  char* pos = debugLoc;
+  char const* pos = debugLoc;
   while (pos < debugLocEnd && pos[0] != ':') {
     pos++;
   }
   if (pos >= debugLocEnd) {
     return; // no line number
   }
   std::string name(debugLoc, pos);
-  char* lineStart = ++pos;
+  char const* lineStart = ++pos;
   while (pos < debugLocEnd && pos[0] != ':') {
     pos++;
   }
@@ -279,7 +279,7 @@ Element* SExpressionParser::parseString() {
     input++;
     dollared = true;
   }
-  char* start = input;
+  char const* start = input;
   if (input[0] == '"') {
     // parse escaping \", but leave code escaped - we'll handle escaping in
     // memory segments specifically
@@ -317,12 +317,14 @@ Element* SExpressionParser::parseString() {
   if (start == input) {
     throw ParseException("expected string", line, input - lineStart);
   }
-  char temp = input[0];
-  input[0] = 0;
+
+  std::string temp;
+  temp.assign(start, input - start);
+
   auto ret = allocator.alloc<Element>()
-               ->setString(IString(start, false), dollared, false)
+               ->setString(IString(temp.c_str(), false), dollared, false)
                ->setMetadata(line, start - lineStart, loc);
-  input[0] = temp;
+
   return ret;
 }
 
