Chris Fallin 2022-11-29 10:36:45 -08:00
parent 6273e399de
commit 6373cfd665
No known key found for this signature in database
GPG key ID: 31649E4FE65EB465
3 changed files with 13 additions and 4 deletions


@ -11,7 +11,7 @@ fuzz_target!(|module: wasm_smith::Module| {
Ok(m) => m, Ok(m) => m,
Err(e) => { Err(e) => {
match e.downcast::<FrontendError>() { match e.downcast::<FrontendError>() {
Ok(FrontendError::UnsupportedFeature(_)) => { Ok(FrontendError::UnsupportedFeature(_)) | Ok(FrontendError::TooLarge(_)) => {
// Just skip this case. // Just skip this case.
return; return;
} }
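Review bot: The widened arm `Ok(FrontendError::UnsupportedFeature(_)) | Ok(FrontendError::TooLarge(_))` can be written as a single nested or-pattern, `Ok(FrontendError::UnsupportedFeature(_) | FrontendError::TooLarge(_)) => {`, which keeps the list of tolerated errors in one place as it grows. The comment `// Just skip this case.` no longer says which cases or why; something like `// Expected rejections (unsupported feature or over a frontend size limit): not a fuzz finding.` would make it clear that these are deliberate and that any other error is still reported. The enclosing `match` continues past the end of the hunk.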


@ -3,6 +3,7 @@
#[derive(Clone, Debug)] #[derive(Clone, Debug)]
pub enum FrontendError { pub enum FrontendError {
UnsupportedFeature(String), UnsupportedFeature(String),
TooLarge(String),
Internal(String), Internal(String),
} }
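Review bot: `TooLarge(String)` is added without a doc comment, and nothing on the enum says how it differs from `UnsupportedFeature` or `Internal`, although the fuzz target relies on that distinction to decide which errors to ignore. A line such as `/// The module exceeds a frontend resource limit (for example, table element count).` above the variant would state the contract. Because the enum is `pub`, a new variant can break exhaustive matches in downstream code; `#[non_exhaustive]` is worth considering if more limit errors are expected.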


@ -233,10 +233,18 @@ fn handle_payload<'a>(
} }
let table_items = module.table_mut(table).func_elements.as_mut().unwrap(); let table_items = module.table_mut(table).func_elements.as_mut().unwrap();
if (offset + funcs.len()) > table_items.len() { let new_size = offset + funcs.len();
table_items.resize(offset + funcs.len(), Func::invalid()); if new_size > table_items.len() {
static MAX_TABLE: usize = 100_000;
if new_size > MAX_TABLE {
bail!(FrontendError::TooLarge(format!(
"Too many table elements: {:?}",
new_size
)));
} }
table_items[offset..(offset + funcs.len())].copy_from_slice(&funcs[..]); table_items.resize(new_size, Func::invalid());
}
table_items[offset..new_size].copy_from_slice(&funcs[..]);
} }
} }
} }
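Review bot: `let new_size = offset + funcs.len();` uses unchecked addition ahead of the new `MAX_TABLE` guard, so the guard can be bypassed if `offset` can be close to `usize::MAX` (its origin is outside this hunk; presumably it comes from the module's element segment). In that case the sum panics in a build with overflow checks and wraps in a default release build, where the small wrapped `new_size` passes the limit and `table_items[offset..new_size]` then panics on an inverted range. Computing it with a checked add and reporting failure the same way closes that path: `let new_size = match offset.checked_add(funcs.len()) { Some(n) => n, None => bail!(FrontendError::TooLarge("table element range overflows".into())) };`. `MAX_TABLE` would also be better as a `const` than a `static`, ideally at module level so the limit is visible and documented in one place. The body of `handle_payload` starts and ends outside the hunk.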