LibWasm: Ensure that global.get only accesses imports in const exprs

Author: https://github.com/dzfrias Commit: https://github.com/LadybirdBrowser/ladybird/commit/bd97091cbb Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/185 Reviewed-by: https://github.com/alimpfard
2024-11-22 15:40:19 +00:00 · 2024-06-16 09:55:51 -07:00 · 2024-06-16 09:55:51 -07:00 · bd97091cbb · 2024-07-17 20:19:08 +09:00
commit bd97091cbb
parent 596dd5252d
2 changed files with 8 additions and 3 deletions
--- a/Userland/Libraries/LibWasm/AbstractMachine/AbstractMachine.cpp
+++ b/Userland/Libraries/LibWasm/AbstractMachine/AbstractMachine.cpp
@ -206,6 +206,8 @@ InstantiationResult AbstractMachine::instantiate(Module const& module, Vector<Ex
    for (auto& entry : externs) {
        if (auto* ptr = entry.get_pointer<GlobalAddress>())
            auxiliary_instance.globals().append(*ptr);
+        else if (auto* ptr = entry.get_pointer<FunctionAddress>())
+            auxiliary_instance.functions().append(*ptr);
    }

    Vector<FunctionAddress> module_functions;
@ -253,7 +255,7 @@ InstantiationResult AbstractMachine::instantiate(Module const& module, Vector<Ex
                if (m_should_limit_instruction_count)
                    config.enable_instruction_count_limit();
                config.set_frame(Frame {
-                    main_module_instance,
+                    auxiliary_instance,
                    Vector<Value> {},
                    entry,
                    entry.instructions().size(),
@ -306,7 +308,7 @@ InstantiationResult AbstractMachine::instantiate(Module const& module, Vector<Ex
            if (m_should_limit_instruction_count)
                config.enable_instruction_count_limit();
            config.set_frame(Frame {
-                main_module_instance,
+                auxiliary_instance,
                Vector<Value> {},
                active_ptr->expression,
                1,
@ -361,7 +363,7 @@ InstantiationResult AbstractMachine::instantiate(Module const& module, Vector<Ex
                    if (m_should_limit_instruction_count)
                        config.enable_instruction_count_limit();
                    config.set_frame(Frame {
-                        main_module_instance,
+                        auxiliary_instance,
                        Vector<Value> {},
                        data.offset,
                        1,
--- a/Userland/Libraries/LibWasm/AbstractMachine/BytecodeInterpreter.cpp
+++ b/Userland/Libraries/LibWasm/AbstractMachine/BytecodeInterpreter.cpp
@ -728,6 +728,9 @@ void BytecodeInterpreter::interpret(Configuration& configuration, InstructionPoi
    }
    case Instructions::global_get.value(): {
        auto global_index = instruction.arguments().get<GlobalIndex>();
+        // This check here is for const expressions. In non-const expressions,
+        // a validation error would have been thrown.
+        TRAP_IF_NOT(global_index < configuration.frame().module().globals().size());
        auto address = configuration.frame().module().globals()[global_index.value()];
        dbgln_if(WASM_TRACE_DEBUG, "global({}) -> stack", address.value());
        auto global = configuration.store().get(address);