mirrors/ladybird
0
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-09-17 23:12:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

LibWasm: Check data section offset for overflow during instantiation

Browse source
This commit is contained in:
Diego 2024-06-07 08:05:32 -07:00 committed by Ali Mohammad Pur
commit bd6ee060d2
Notes: sideshowbarker 2024-07-17 20:19:08 +09:00
1 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Userland/Libraries/LibWasm/AbstractMachine/AbstractMachine.cpp
View file

@ -345,7 +345,9 @@ InstantiationResult AbstractMachine::instantiate(Module const& module, Vector<Ex
return;
auto address = main_module_instance.memories()[data.index.value()];
auto instance = m_store.get(address);
if (data.init.size() + offset > instance->size()) {
Checked<size_t> checked_offset = data.init.size();
checked_offset += offset;
if (checked_offset.has_overflow() || checked_offset > instance->size()) {
instantiation_result = InstantiationError {
ByteString::formatted("Data segment attempted to write to out-of-bounds memory ({}) in memory of size {}",
offset, instance->size())