RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-20 13:55:08 +00:00
Code Issues Activity Actions

LibWasm: Make memory operation address calculation match the spec

Browse source 
...or rather, match what the spec _means_ to say, not what it actually
says.
This commit is contained in:
Ali Mohammad Pur 2021-08-10 23:40:01 +04:30 committed by Andreas Kling
parent ad3de4648a
commit b6381f785d
1 changed files with 9 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

14
Userland/Libraries/LibWasm/AbstractMachine/BytecodeInterpreter.cpp
View file

@ -98,10 +98,12 @@ void BytecodeInterpreter::load_and_push(Configuration& configuration, Instructio
m_trap = Trap { "Memory access out of bounds" }; m_trap = Trap { "Memory access out of bounds" };
return; return;
} }
auto instance_address = base.value() + static_cast<i64>(arg.offset); u64 instance_address = static_cast<u64>(bit_cast<u32>(base.value())) + arg.offset;
if (instance_address < 0 || static_cast<u64>(instance_address + sizeof(ReadType)) > memory->size()) { Checked addition { instance_address };
addition += sizeof(ReadType);
if (addition.has_overflow() || addition.value() > memory->size()) {
m_trap = Trap { "Memory access out of bounds" }; m_trap = Trap { "Memory access out of bounds" };
dbgln("LibWasm: Memory access out of bounds (expected 0 <= {} and {} <= {})", instance_address, instance_address + sizeof(ReadType), memory->size()); dbgln("LibWasm: Memory access out of bounds (expected {} to be less than or equal to {})", instance_address + sizeof(ReadType), memory->size());
return; return;
} }
dbgln_if(WASM_TRACE_DEBUG, "load({} : {}) -> stack", instance_address, sizeof(ReadType)); dbgln_if(WASM_TRACE_DEBUG, "load({} : {}) -> stack", instance_address, sizeof(ReadType));
@ -120,8 +122,10 @@ void BytecodeInterpreter::store_to_memory(Configuration& configuration, Instruct
TRAP_IF_NOT(entry.has<Value>()); TRAP_IF_NOT(entry.has<Value>());
auto base = entry.get<Value>().to<i32>(); auto base = entry.get<Value>().to<i32>();
TRAP_IF_NOT(base.has_value()); TRAP_IF_NOT(base.has_value());
auto instance_address = base.value() + static_cast<i64>(arg.offset); u64 instance_address = static_cast<u64>(bit_cast<u32>(base.value())) + arg.offset;
if (instance_address < 0 || static_cast<u64>(instance_address + data.size()) > memory->size()) { Checked addition { instance_address };
addition += data.size();
if (addition.has_overflow() || addition.value() > memory->size()) {
m_trap = Trap { "Memory access out of bounds" }; m_trap = Trap { "Memory access out of bounds" };
dbgln("LibWasm: Memory access out of bounds (expected 0 <= {} and {} <= {})", instance_address, instance_address + data.size(), memory->size()); dbgln("LibWasm: Memory access out of bounds (expected 0 <= {} and {} <= {})", instance_address, instance_address + data.size(), memory->size());
return; return;