beenull/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-11-26 09:30:24 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

LibWasm: Make memory operation address calculation match the spec

Browse source 
...or rather, match what the spec _means_ to say, not what it actually
says.
This commit is contained in:
Ali Mohammad Pur 2021-08-10 23:40:01 +04:30 committed by Andreas Kling
parent ad3de4648a
commit b6381f785d
Notes: sideshowbarker 2024-07-18 07:04:04 +09:00 
Author: https://github.com/alimpfard
Commit: https://github.com/SerenityOS/serenity/commit/b6381f785d0
Pull-request: https://github.com/SerenityOS/serenity/pull/9278
1 changed files with 9 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
Userland/Libraries/LibWasm/AbstractMachine/BytecodeInterpreter.cpp
View file

@ -98,10 +98,12 @@ void BytecodeInterpreter::load_and_push(Configuration& configuration, Instructio
m_trap = Trap { "Memory access out of bounds" };
return;
}
auto instance_address = base.value() + static_cast<i64>(arg.offset);
if (instance_address < 0 || static_cast<u64>(instance_address + sizeof(ReadType)) > memory->size()) {
u64 instance_address = static_cast<u64>(bit_cast<u32>(base.value())) + arg.offset;
Checked addition { instance_address };
addition += sizeof(ReadType);
if (addition.has_overflow() || addition.value() > memory->size()) {
m_trap = Trap { "Memory access out of bounds" };
dbgln("LibWasm: Memory access out of bounds (expected 0 <= {} and {} <= {})", instance_address, instance_address + sizeof(ReadType), memory->size());
dbgln("LibWasm: Memory access out of bounds (expected {} to be less than or equal to {})", instance_address + sizeof(ReadType), memory->size());
return;
}
dbgln_if(WASM_TRACE_DEBUG, "load({} : {}) -> stack", instance_address, sizeof(ReadType));
@ -120,8 +122,10 @@ void BytecodeInterpreter::store_to_memory(Configuration& configuration, Instruct
TRAP_IF_NOT(entry.has<Value>());
auto base = entry.get<Value>().to<i32>();
TRAP_IF_NOT(base.has_value());
auto instance_address = base.value() + static_cast<i64>(arg.offset);
if (instance_address < 0 || static_cast<u64>(instance_address + data.size()) > memory->size()) {
u64 instance_address = static_cast<u64>(bit_cast<u32>(base.value())) + arg.offset;
Checked addition { instance_address };
addition += data.size();
if (addition.has_overflow() || addition.value() > memory->size()) {
m_trap = Trap { "Memory access out of bounds" };
dbgln("LibWasm: Memory access out of bounds (expected 0 <= {} and {} <= {})", instance_address, instance_address + data.size(), memory->size());
return;