forked from Mirrors/wasm3
Fix memory safety issues found by OSS-Fuzz (#301)
* Add integer overflow checks in NewCodePage

  Fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33457

* TouchSlot should track slots outside of functions

  Fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33554. The OSS-Fuzz inputs led to a crash on a Const64 instruction that overflows the stack. The overflow was not detected during compilation as TouchSlot did not track maxStackSlots if o->function is NULL. This commit changes TouchSlot to track slots outside of functions.

* Fix out-of-bounds write in MarkSlotsAllocatedByType

  While pushing the params back onto the stack in CompileBlock, GetSlotForStackIndex may return c_slotUnused. If that is the case, passing the slot to MarkSlotsAllocatedByType leads to a crash.

  Fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33555
  Fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36551

* Fix memory leak in CompileElseBlock

  In the case of an exception in CompileElseBlock, the original page was not properly restored and was leaked. This commit moves the release/restore into the _catch: block, which always executes.

* Fix stackIndex underflow in param deallocation

  When the stack is polymorphic, the stack should never underflow. This commit fixes an unreported stack underflow which led to an integer underflow in stackIndex. Now, if the stack is polymorphic, we only decrement stackIndex up until blockStackIndex.
parent 58488085f2
commit 8f3986a66c
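The first item above adds integer overflow checks to the code-page allocator. The following is an added illustration, not wasm3's own code: a hypothetical `CodePage` layout and `new_code_page` allocator (both names are assumptions for this example) that refuse to allocate when the header-plus-slots size computation would wrap, which is the class of bug that lets a small allocation be followed by a large out-of-bounds write.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical page layout (assumption, not wasm3's struct): a fixed
   header followed by numSlots entries of slotSize bytes each. */
typedef struct {
    size_t numSlots;
    size_t slotSize;
    uint8_t data[];
} CodePage;

/* Compute sizeof(header) + numSlots * slotSize, reporting failure instead
   of silently wrapping. On success *out holds the byte count. */
bool compute_page_bytes(size_t numSlots, size_t slotSize, size_t *out)
{
    size_t body, total;
    /* Multiplication can wrap for attacker-controlled counts. */
    if (__builtin_mul_overflow(numSlots, slotSize, &body))
        return false;
    /* Adding the header can wrap too when body is close to SIZE_MAX. */
    if (__builtin_add_overflow(sizeof(CodePage), body, &total))
        return false;
    *out = total;
    return true;
}

/* Allocate a zeroed page, or return NULL when the size would have wrapped
   (an unchecked wrap would under-allocate and later writes would overflow). */
CodePage *new_code_page(size_t numSlots, size_t slotSize)
{
    size_t bytes;
    if (!compute_page_bytes(numSlots, slotSize, &bytes))
        return NULL;
    CodePage *page = calloc(1, bytes);
    if (page) {
        page->numSlots = numSlots;
        page->slotSize = slotSize;
    }
    return page;
}
```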