
Commit da79e3e

Add more checks for Fast JIT gen insn and jit_lock_reg_in_insn (#1449)
Add more checks for Fast JIT instruction generation (GEN_INSN) and jit_lock_reg_in_insn in compile_int_div_no_check and the shift/rotate helpers, so that a failed instruction allocation bails out instead of dereferencing a NULL insn.
1 parent 0a08b92 commit da79e3e


1 file changed

+64
-13
lines changed


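--- a/core/iwasm/fast-jit/fe/jit_emit_numberic.c
+++ b/core/iwasm/fast-jit/fe/jit_emit_numberic.c
@@ -539,8 +539,13 @@ compile_int_div_no_check(JitCompContext *cc, IntArithmetic arith_op,
 insn = GEN_INSN(DIV_U, rax_hreg, rax_hreg, right);
 }
 
-jit_lock_reg_in_insn(cc, insn, eax_hreg);
-jit_lock_reg_in_insn(cc, insn, edx_hreg);
+if (!insn) {
+goto fail;
+}
+if (!jit_lock_reg_in_insn(cc, insn, eax_hreg)
+|| !jit_lock_reg_in_insn(cc, insn, edx_hreg)) {
+goto fail;
+}
 
 if (is_i32) {
 res = jit_cc_new_reg_I32(cc);
@@ -551,9 +556,12 @@ compile_int_div_no_check(JitCompContext *cc, IntArithmetic arith_op,
 insn1 = jit_insn_new_MOV(res, rax_hreg);
 }
 
-if (insn && insn1) {
-jit_insn_insert_after(insn, insn1);
+if (!insn1) {
+jit_set_last_error(cc, "generate insn failed");
+goto fail;
 }
+
+jit_insn_insert_after(insn, insn1);
 break;
 }
 case INT_REM_S:
@@ -576,8 +584,13 @@ compile_int_div_no_check(JitCompContext *cc, IntArithmetic arith_op,
 insn = GEN_INSN(REM_U, rdx_hreg, rax_hreg, right);
 }
 
-jit_lock_reg_in_insn(cc, insn, eax_hreg);
-jit_lock_reg_in_insn(cc, insn, edx_hreg);
+if (!insn) {
+goto fail;
+}
+if (!jit_lock_reg_in_insn(cc, insn, eax_hreg)
+|| !jit_lock_reg_in_insn(cc, insn, edx_hreg)) {
+goto fail;
+}
 
 if (is_i32) {
 res = jit_cc_new_reg_I32(cc);
@@ -588,9 +601,12 @@ compile_int_div_no_check(JitCompContext *cc, IntArithmetic arith_op,
 insn1 = jit_insn_new_MOV(res, rdx_hreg);
 }
 
-if (insn && insn1) {
-jit_insn_insert_after(insn, insn1);
+if (!insn1) {
+jit_set_last_error(cc, "generate insn failed");
+goto fail;
 }
+
+jit_insn_insert_after(insn, insn1);
 break;
 }
 #else
@@ -1133,13 +1149,20 @@ compile_int_shl(JitCompContext *cc, JitReg left, JitReg right, bool is_i32)
 #if defined(BUILD_TARGET_X86_64) || defined(BUILD_TARGET_AMD_64)
 GEN_INSN(MOV, is_i32 ? ecx_hreg : rcx_hreg, right);
 insn = GEN_INSN(SHL, res, left, is_i32 ? ecx_hreg : rcx_hreg);
-jit_lock_reg_in_insn(cc, insn, ecx_hreg);
+if (jit_get_last_error(cc) || !jit_lock_reg_in_insn(cc, insn, ecx_hreg)) {
+goto fail;
+}
 #else
 GEN_INSN(SHL, res, left, right);
+if (jit_get_last_error(cc)) {
+goto fail;
+}
 #endif
 
 shortcut:
 return res;
+fail:
+return (JitReg)0;
 }
 
 static JitReg
@@ -1164,13 +1187,20 @@ compile_int_shrs(JitCompContext *cc, JitReg left, JitReg right, bool is_i32)
 #if defined(BUILD_TARGET_X86_64) || defined(BUILD_TARGET_AMD_64)
 GEN_INSN(MOV, is_i32 ? ecx_hreg : rcx_hreg, right);
 insn = GEN_INSN(SHRS, res, left, is_i32 ? ecx_hreg : rcx_hreg);
-jit_lock_reg_in_insn(cc, insn, ecx_hreg);
+if (jit_get_last_error(cc) || !jit_lock_reg_in_insn(cc, insn, ecx_hreg)) {
+goto fail;
+}
 #else
 GEN_INSN(SHRS, res, left, right);
+if (jit_get_last_error(cc)) {
+goto fail;
+}
 #endif
 
 shortcut:
 return res;
+fail:
+return (JitReg)0;
 }
 
 static JitReg
@@ -1195,13 +1225,20 @@ compile_int_shru(JitCompContext *cc, JitReg left, JitReg right, bool is_i32)
 #if defined(BUILD_TARGET_X86_64) || defined(BUILD_TARGET_AMD_64)
 GEN_INSN(MOV, is_i32 ? ecx_hreg : rcx_hreg, right);
 insn = GEN_INSN(SHRU, res, left, is_i32 ? ecx_hreg : rcx_hreg);
-jit_lock_reg_in_insn(cc, insn, ecx_hreg);
+if (jit_get_last_error(cc) || !jit_lock_reg_in_insn(cc, insn, ecx_hreg)) {
+goto fail;
+}
 #else
 GEN_INSN(SHRU, res, left, right);
+if (jit_get_last_error(cc)) {
+goto fail;
+}
 #endif
 
 shortcut:
 return res;
+fail:
+return (JitReg)0;
 }
 
 DEF_UNI_INT_CONST_OPS(rotl)
@@ -1257,13 +1294,20 @@ compile_int_rotl(JitCompContext *cc, JitReg left, JitReg right, bool is_i32)
 #if defined(BUILD_TARGET_X86_64) || defined(BUILD_TARGET_AMD_64)
 GEN_INSN(MOV, is_i32 ? ecx_hreg : rcx_hreg, right);
 insn = GEN_INSN(ROTL, res, left, is_i32 ? ecx_hreg : rcx_hreg);
-jit_lock_reg_in_insn(cc, insn, ecx_hreg);
+if (jit_get_last_error(cc) || !jit_lock_reg_in_insn(cc, insn, ecx_hreg)) {
+goto fail;
+}
 #else
 GEN_INSN(ROTL, res, left, right);
+if (jit_get_last_error(cc)) {
+goto fail;
+}
 #endif
 
 shortcut:
 return res;
+fail:
+return (JitReg)0;
 }
 
 DEF_UNI_INT_CONST_OPS(rotr)
@@ -1319,13 +1363,20 @@ compile_int_rotr(JitCompContext *cc, JitReg left, JitReg right, bool is_i32)
 #if defined(BUILD_TARGET_X86_64) || defined(BUILD_TARGET_AMD_64)
 GEN_INSN(MOV, is_i32 ? ecx_hreg : rcx_hreg, right);
 insn = GEN_INSN(ROTR, res, left, is_i32 ? ecx_hreg : rcx_hreg);
-jit_lock_reg_in_insn(cc, insn, ecx_hreg);
+if (jit_get_last_error(cc) || !jit_lock_reg_in_insn(cc, insn, ecx_hreg)) {
+goto fail;
+}
 #else
 GEN_INSN(ROTR, res, left, right);
+if (jit_get_last_error(cc)) {
+goto fail;
+}
 #endif
 
 shortcut:
 return res;
+fail:
+return (JitReg)0;
 }
 
 static bool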
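Review bot: The new failure test in compile_int_shl's x86_64 branch (and in the four shift/rotate siblings) keys off `jit_get_last_error(cc)` rather than the NULL return of GEN_INSN that the first hunk checks directly with `if (!insn)`, so whether `insn` is actually non-NULL when `jit_lock_reg_in_insn` runs depends on every GEN_INSN failure also recording an error string — plausible given the bare `goto fail` in compile_int_div_no_check, but not visible here — and a stale or cleared error state would flip the outcome either way. Checking the return values directly, as the div hunk does, removes that coupling and also catches the discarded MOV result on the same line; the `#else` branch can likewise test the value it currently drops. The bodies of these functions (where `res` is allocated and the `shortcut` target is reached) start outside the hunks. The rewritten lines for compile_int_shl follow; the other four functions change identically.
```c
#if defined(BUILD_TARGET_X86_64) || defined(BUILD_TARGET_AMD_64)
    /* Bail out on the first failed insn so a NULL insn never reaches the lock. */
    if (!GEN_INSN(MOV, is_i32 ? ecx_hreg : rcx_hreg, right)
        || !(insn = GEN_INSN(SHL, res, left, is_i32 ? ecx_hreg : rcx_hreg))
        || !jit_lock_reg_in_insn(cc, insn, ecx_hreg)) {
        goto fail;
    }
#else
    if (!GEN_INSN(SHL, res, left, right)) {
        goto fail;
    }
#endif
/* … unchanged: shortcut / fail labels … */
```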
