Skip to content
This repository was archived by the owner on May 11, 2020. It is now read-only.

Commit f062133

Browse files
laizysbinet
laizy
authored and
sbinet
committed
wasm: fix index out of range panic
* wasm: fix index out of range panic Wasm spec says: Integers are not inherently signed or unsigned, their interpretation is determined by individual operations. So the offset should be treated as uint32 * remove test file
1 parent 5a639f0 commit f062133

File tree

1 file changed

+15
-14
lines changed

1 file changed

+15
-14
lines changed

wasm/index.go

Lines changed: 15 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -126,28 +126,29 @@ func (m *Module) populateTables() error {
126126
for _, elem := range m.Elements.Entries {
127127
// the MVP dictates that index should always be zero, we should
128128
// probably check this
129-
if int(elem.Index) >= len(m.TableIndexSpace) {
129+
if elem.Index >= uint32(len(m.TableIndexSpace)) {
130130
return InvalidTableIndexError(elem.Index)
131131
}
132132

133133
val, err := m.ExecInitExpr(elem.Offset)
134134
if err != nil {
135135
return err
136136
}
137-
offset, ok := val.(int32)
137+
off, ok := val.(int32)
138138
if !ok {
139139
return InvalidValueTypeInitExprError{reflect.Int32, reflect.TypeOf(val).Kind()}
140140
}
141+
offset := uint32(off)
141142

142-
table := m.TableIndexSpace[int(elem.Index)]
143-
if int(offset)+len(elem.Elems) > len(table) {
144-
data := make([]uint32, int(offset)+len(elem.Elems))
143+
table := m.TableIndexSpace[elem.Index]
144+
//use uint64 to avoid overflow
145+
if uint64(offset)+uint64(len(elem.Elems)) > uint64(len(table)) {
146+
data := make([]uint32, uint64(offset)+uint64(len(elem.Elems)))
145147
copy(data[offset:], elem.Elems)
146148
copy(data, table)
147-
m.TableIndexSpace[int(elem.Index)] = data
149+
m.TableIndexSpace[elem.Index] = data
148150
} else {
149-
copy(table[int(offset):], elem.Elems)
150-
m.TableIndexSpace[int(elem.Index)] = table
151+
copy(table[offset:], elem.Elems)
151152
}
152153
}
153154

@@ -180,20 +181,20 @@ func (m *Module) populateLinearMemory() error {
180181
if err != nil {
181182
return err
182183
}
183-
offset, ok := val.(int32)
184+
off, ok := val.(int32)
184185
if !ok {
185186
return InvalidValueTypeInitExprError{reflect.Int32, reflect.TypeOf(val).Kind()}
186187
}
188+
offset := uint32(off)
187189

188-
memory := m.LinearMemoryIndexSpace[int(entry.Index)]
189-
if int(offset)+len(entry.Data) > len(memory) {
190-
data := make([]byte, int(offset)+len(entry.Data))
190+
memory := m.LinearMemoryIndexSpace[entry.Index]
191+
if uint64(offset)+uint64(len(entry.Data)) > uint64(len(memory)) {
192+
data := make([]byte, uint64(offset)+uint64(len(entry.Data)))
191193
copy(data, memory)
192194
copy(data[offset:], entry.Data)
193195
m.LinearMemoryIndexSpace[int(entry.Index)] = data
194196
} else {
195-
copy(memory[int(offset):], entry.Data)
196-
m.LinearMemoryIndexSpace[int(entry.Index)] = memory
197+
copy(memory[offset:], entry.Data)
197198
}
198199
}
199200

0 commit comments

Comments
 (0)