fix(interface-types) Avoid integer overflows in string instructions.

2024-12-04 15:20:20 +00:00 · 2020-03-26 08:27:51 +01:00 · 2020-03-26 08:27:51 +01:00 · bf7f7cf927
commit bf7f7cf927
parent 2074ce8bce
1 changed files with 26 additions and 7 deletions
--- a/src/interpreter/instructions/strings.rs
+++ b/src/interpreter/instructions/strings.rs
@ -10,7 +10,7 @@ use crate::{
        Instruction,
    },
 };
-use std::cell::Cell;
+use std::{cell::Cell, convert::TryInto};

 executable_instruction!(
    string_lift_memory(instruction: Instruction) -> _ {
@ -23,7 +23,6 @@ executable_instruction!(
            })?;

            let memory_index: u32 = 0;
-
            let memory = runtime
                .wasm_instance
                .memory(memory_index as usize)
@ -34,8 +33,18 @@ executable_instruction!(
                    )
                })?;

-            let pointer = to_native::<i32>(&inputs[0], instruction)? as usize;
-            let length = to_native::<i32>(&inputs[1], instruction)? as usize;
+            let pointer: usize = to_native::<i32>(&inputs[0], instruction)?.try_into().map_err(|_| {
+                InstructionError::new(
+                    instruction,
+                    InstructionErrorKind::NegativeValue { subject: "pointer" },
+                )
+            })?;
+            let length: usize = to_native::<i32>(&inputs[1], instruction)?.try_into().map_err(|_| {
+                InstructionError::new(
+                    instruction,
+                    InstructionErrorKind::NegativeValue { subject: "length" },
+                )
+            })?;
            let memory_view = memory.view();

            if length == 0 {
@ -102,7 +111,12 @@ executable_instruction!(

            let string: String = to_native(&string, instruction)?;
            let string_bytes = string.as_bytes();
-            let string_length = string_bytes.len() as i32;
+            let string_length: i32 = string_bytes.len().try_into().map_err(|_| {
+                InstructionError::new(
+                    instruction,
+                    InstructionErrorKind::NegativeValue { subject: "string_length" },
+                )
+            })?;

            let outputs = allocator.call(&[InterfaceValue::I32(string_length)]).map_err(|_| {
                InstructionError::new(
@ -110,7 +124,12 @@ executable_instruction!(
                    InstructionErrorKind::LocalOrImportCall { function_index: allocator_index },
                )
            })?;
-            let string_pointer: i32 = to_native(&outputs[0], instruction)?;
+            let string_pointer: u32 = to_native::<i32>(&outputs[0], instruction)?.try_into().map_err(|_| {
+                InstructionError::new(
+                    instruction,
+                    InstructionErrorKind::NegativeValue { subject: "string_pointer" },
+                )
+            })?;

            let memory_index: u32 = 0;
            let memory_view = instance
@ -127,7 +146,7 @@ executable_instruction!(
                memory_view[string_pointer as usize + nth].set(*byte);
            }

-            runtime.stack.push(InterfaceValue::I32(string_pointer));
+            runtime.stack.push(InterfaceValue::I32(string_pointer as i32));
            runtime.stack.push(InterfaceValue::I32(string_length));

            Ok(())