LadybirdBrowser/ladybird
1
1
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-09-11 13:36:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

LibWasm: Check data section offset for overflow during instantiation

Browse Source
This commit is contained in:
Diego 2024-06-07 08:05:32 -07:00 committed by Ali Mohammad Pur
parent 28d4e326f8
commit bd6ee060d2
Notes: sideshowbarker 2024-07-17 20:19:08 +09:00 
Author: https://github.com/dzfrias
Commit: https://github.com/LadybirdBrowser/ladybird/commit/bd6ee060d2
Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/97
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Userland/Libraries/LibWasm/AbstractMachine/AbstractMachine.cpp
View File

@ -345,7 +345,9 @@ InstantiationResult AbstractMachine::instantiate(Module const& module, Vector<Ex
return;
auto address = main_module_instance.memories()[data.index.value()];
auto instance = m_store.get(address);
if (data.init.size() + offset > instance->size()) {
Checked<size_t> checked_offset = data.init.size();
checked_offset += offset;
if (checked_offset.has_overflow() || checked_offset > instance->size()) {
instantiation_result = InstantiationError {
ByteString::formatted("Data segment attempted to write to out-of-bounds memory ({}) in memory of size {}",
offset, instance->size())