WIP.

2022-11-29 10:36:45 -08:00 · 2022-11-29 10:36:45 -08:00 · 6373cfd665
parent 6273e399de
commit 6373cfd665
3 changed files with 13 additions and 4 deletions
--- a/fuzz/fuzz_targets/roundtrip.rs
+++ b/fuzz/fuzz_targets/roundtrip.rs
@ -11,7 +11,7 @@ fuzz_target!(|module: wasm_smith::Module| {
        Ok(m) => m,
        Err(e) => {
            match e.downcast::<FrontendError>() {
-                Ok(FrontendError::UnsupportedFeature(_)) => {
+                Ok(FrontendError::UnsupportedFeature(_)) | Ok(FrontendError::TooLarge(_)) => {
                    // Just skip this case.
                    return;
                }
--- a/src/errors.rs
+++ b/src/errors.rs
@ -3,6 +3,7 @@
 #[derive(Clone, Debug)]
 pub enum FrontendError {
    UnsupportedFeature(String),
+    TooLarge(String),
    Internal(String),
 }

--- a/src/frontend.rs
+++ b/src/frontend.rs
@ -233,10 +233,18 @@ fn handle_payload<'a>(
                        }

                        let table_items = module.table_mut(table).func_elements.as_mut().unwrap();
-                        if (offset + funcs.len()) > table_items.len() {
-                            table_items.resize(offset + funcs.len(), Func::invalid());
+                        let new_size = offset + funcs.len();
+                        if new_size > table_items.len() {
+                            static MAX_TABLE: usize = 100_000;
+                            if new_size > MAX_TABLE {
+                                bail!(FrontendError::TooLarge(format!(
+                                    "Too many table elements: {:?}",
+                                    new_size
+                                )));
+                            }
+                            table_items.resize(new_size, Func::invalid());
                        }
-                        table_items[offset..(offset + funcs.len())].copy_from_slice(&funcs[..]);
+                        table_items[offset..new_size].copy_from_slice(&funcs[..]);
                    }
                }
            }