diff --git a/fuzz/fuzz_targets/roundtrip.rs b/fuzz/fuzz_targets/roundtrip.rs
index f9cddbc..b0502af 100644
--- a/fuzz/fuzz_targets/roundtrip.rs
+++ b/fuzz/fuzz_targets/roundtrip.rs
@@ -11,7 +11,7 @@ fuzz_target!(|module: wasm_smith::Module| {
 Ok(m) => m,
 Err(e) => {
 match e.downcast::() {
- Ok(FrontendError::UnsupportedFeature(_)) => {
+ Ok(FrontendError::UnsupportedFeature(_)) | Ok(FrontendError::TooLarge(_)) => {
 // Just skip this case.
 return;
 }
diff --git a/src/errors.rs b/src/errors.rs
index c325db3..2937489 100644
--- a/src/errors.rs
+++ b/src/errors.rs
@@ -3,6 +3,7 @@
 #[derive(Clone, Debug)]
 pub enum FrontendError {
 UnsupportedFeature(String),
+ TooLarge(String),
 Internal(String),
 }
diff --git a/src/frontend.rs b/src/frontend.rs
index f6da6ee..492fb91 100644
--- a/src/frontend.rs
+++ b/src/frontend.rs
@@ -233,10 +233,18 @@ fn handle_payload<'a>(
 }
 let table_items = module.table_mut(table).func_elements.as_mut().unwrap();
- if (offset + funcs.len()) > table_items.len() {
- table_items.resize(offset + funcs.len(), Func::invalid());
+ let new_size = offset + funcs.len();
+ if new_size > table_items.len() {
+ static MAX_TABLE: usize = 100_000;
+ if new_size > MAX_TABLE {
+ bail!(FrontendError::TooLarge(format!(
+ "Too many table elements: {:?}",
+ new_size
+ )));
+ }
+ table_items.resize(new_size, Func::invalid());
 }
- table_items[offset..(offset + funcs.len())].copy_from_slice(&funcs[..]);
+ table_items[offset..new_size].copy_from_slice(&funcs[..]);
 }
 }
 }
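Review bot: The new `TooLarge` variant in src/errors.rs has no doc comment, so a caller cannot tell which limit it reports or whether the module is malformed or merely over an implementation cap. I would add `/// The module exceeds an implementation-defined size limit (currently the table-element cap in the frontend).` above it. `FrontendError` is `pub` and, as far as this hunk shows, not `#[non_exhaustive]`, so the added variant also breaks exhaustive matches in downstream code; that deserves a changelog line if the enum is part of the published API.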
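Review bot: `let new_size = offset + funcs.len();` in src/frontend.rs is still an unchecked addition on values taken from the module being parsed, so the new `MAX_TABLE` cap depends on arithmetic that can itself fail. If the sum wraps (release build, most plausibly on a 32-bit host; where `offset` is derived is outside the hunk), `new_size` comes out small, both `if` checks are skipped, and `table_items[offset..new_size]` panics on an inverted range, while a debug build panics on the addition itself. Use `offset.checked_add(funcs.len())` and return `FrontendError::TooLarge` on `None`, so an oversized segment yields an error instead of a crash. Separately, `static MAX_TABLE: usize` reads more idiomatically as `const MAX_TABLE: usize = 100_000;`, with a comment saying why 100_000 was chosen. handle_payload begins and ends outside this hunk.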