fuzzing: reject too-large memories

2023-02-25 17:12:02 -08:00 · 2023-02-25 17:12:02 -08:00 · f18c624b9a
parent 9c84c7d44d
commit f18c624b9a
2 changed files with 9 additions and 0 deletions
--- a/src/backend/localify.rs
+++ b/src/backend/localify.rs
@ -210,6 +210,7 @@ impl<'a> Context<'a> {
            // Live-outs to succ blocks: in this block-local
            // handling, model them as uses as the end of the block.
            for &livein in &self.block_end_live[block] {
+                let livein = self.body.resolve_alias(livein);
                visitor.visitor.visit_use(livein);
            }
            // Visit all insts.
--- a/src/fuzzing.rs
+++ b/src/fuzzing.rs
@ -34,6 +34,14 @@ pub fn reject(bytes: &[u8]) -> bool {
                    }
                }
            }
+            wasmparser::Payload::MemorySection(mut reader) => {
+                for _ in 0..reader.get_count() {
+                    let m = reader.read().unwrap();
+                    if m.maximum.is_none() || m.maximum.unwrap() > 100 {
+                        return true;
+                    }
+                }
+            }
            _ => {}
        }
    }