
Commit 2c0f6df

committed
fix potential overflow in memory size calculation
Signed-off-by: zhenweijin <[email protected]>
1 parent 6b51c61 commit 2c0f6df


2 files changed

+6
-6
lines changed


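--- a/core/iwasm/aot/aot_runtime.c
+++ b/core/iwasm/aot/aot_runtime.c
@@ -1026,14 +1026,14 @@ memory_instantiate(AOTModuleInstance *module_inst, AOTModuleInstance *parent,
 /* If only one page and at most one page, we just append
 the app heap to the end of linear memory, enlarge the
 num_bytes_per_page, and don't change the page count */
-heap_offset = num_bytes_per_page;
-num_bytes_per_page += heap_size;
-if (num_bytes_per_page < heap_size) {
+if (heap_size > UINT32_MAX - num_bytes_per_page) {
 set_error_buf(error_buf, error_buf_size,
 "failed to insert app heap into linear memory, "
 "try using `--heap-size=0` option");
 return NULL;
 }
+heap_offset = num_bytes_per_page;
+num_bytes_per_page += heap_size;
 }
 else if (heap_size > 0) {
 if (init_page_count == max_page_count && init_page_count == 0) {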
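Review bot: The new guard `heap_size > UINT32_MAX - num_bytes_per_page` is only a correct pre-check if both operands are 32-bit unsigned, and their declarations are outside this hunk, so the assumption deserves a comment next to the check, for example `/* heap_size and num_bytes_per_page are uint32: reject before adding so the sum cannot wrap */`. If either variable were widened later, the subtraction would silently stop matching the addition it protects. The same applies to the identical hunk in core/iwasm/interpreter/wasm_runtime.c. memory_instantiate starts and ends outside the hunk, so whether the later size calculations accept a per-page size close to UINT32_MAX cannot be confirmed from here.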

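--- a/core/iwasm/interpreter/wasm_runtime.c
+++ b/core/iwasm/interpreter/wasm_runtime.c
@@ -335,14 +335,14 @@ memory_instantiate(WASMModuleInstance *module_inst, WASMModuleInstance *parent,
 /* If only one page and at most one page, we just append
 the app heap to the end of linear memory, enlarge the
 num_bytes_per_page, and don't change the page count */
-heap_offset = num_bytes_per_page;
-num_bytes_per_page += heap_size;
-if (num_bytes_per_page < heap_size) {
+if (heap_size > UINT32_MAX - num_bytes_per_page) {
 set_error_buf(error_buf, error_buf_size,
 "failed to insert app heap into linear memory, "
 "try using `--heap-size=0` option");
 return NULL;
 }
+heap_offset = num_bytes_per_page;
+num_bytes_per_page += heap_size;
 }
 else if (heap_size > 0) {
 if (init_page_count == max_page_count && init_page_count == 0) {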
