From f18c624b9a0d8af7a40baa902fbefeaead2022c5 Mon Sep 17 00:00:00 2001
From: Chris Fallin
Date: Sat, 25 Feb 2023 17:12:02 -0800
Subject: [PATCH] fuzzing: reject too-large memories
---
 src/backend/localify.rs | 1 +
 src/fuzzing.rs | 8 ++++++++
 2 files changed, 9 insertions(+)
diff --git a/src/backend/localify.rs b/src/backend/localify.rs
index f6e8c4e..4a95427 100644
--- a/src/backend/localify.rs
+++ b/src/backend/localify.rs
@@ -210,6 +210,7 @@ impl<'a> Context<'a> {
 // Live-outs to succ blocks: in this block-local
 // handling, model them as uses as the end of the block.
 for &livein in &self.block_end_live[block] {
+ let livein = self.body.resolve_alias(livein);
 visitor.visitor.visit_use(livein);
 }
 // Visit all insts.
diff --git a/src/fuzzing.rs b/src/fuzzing.rs
index 2bf20f3..3b8e486 100644
--- a/src/fuzzing.rs
+++ b/src/fuzzing.rs
@@ -34,6 +34,14 @@ pub fn reject(bytes: &[u8]) -> bool {
 }
 }
 }
+ wasmparser::Payload::MemorySection(mut reader) => {
+ for _ in 0..reader.get_count() {
+ let m = reader.read().unwrap();
+ if m.maximum.is_none() || m.maximum.unwrap() > 100 {
+ return true;
+ }
+ }
+ }
 _ => {}
 }
 }
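Review bot: The added `resolve_alias` call is unrelated to the commit subject (fuzzing memory limits) and carries no comment saying why block-end live values need canonicalizing before `visit_use`, so anyone bisecting either change will have to rediscover the reason. If `block_end_live` can hold alias values, the same canonicalization is presumably needed wherever else that set is consumed in this pass; that is worth confirming rather than fixing only this one site. Suggest a comment above the new line, `// Block-end live values may still be aliases; resolve to the canonical value so the use is credited to the right local.`, and a line in the commit message mentioning the localify fix. The enclosing method starts and ends outside the hunk.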
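Review bot: `reader.read().unwrap()` in the new `MemorySection` arm turns a malformed memory entry into a panic inside `reject`, which in a fuzz target shows up as a crash rather than a rejected input; unless the bytes have already passed full validation earlier in this function (not visible in the hunk), the read error should reject instead: `let m = match reader.read() { Ok(m) => m, Err(_) => return true };`. The `is_none() || unwrap() > 100` test reads better as `if m.maximum.map_or(true, |max| max > MAX_FUZZ_MEMORY_PAGES) {` with `const MAX_FUZZ_MEMORY_PAGES: u64 = 100; // wasm pages are 64 KiB, so 6.25 MiB per memory`, so the magic number is explained at its definition. This bounds each memory individually; if the parser accepts multiple memories, a module is still admitted with up to `get_count()` × 100 pages in total, which may or may not be intended. `reject` starts before the hunk and appears to continue after it.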