portal/waffle
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

fuzzing: reject too-large memories

Browse source
This commit is contained in:
Chris Fallin 2023-02-25 17:12:02 -08:00
parent 9c84c7d44d
commit f18c624b9a
2 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/backend/localify.rs
View file

@ -210,6 +210,7 @@ impl<'a> Context<'a> {
// Live-outs to succ blocks: in this block-local // Live-outs to succ blocks: in this block-local
// handling, model them as uses as the end of the block. // handling, model them as uses as the end of the block.
for &livein in &self.block_end_live[block] { for &livein in &self.block_end_live[block] {
let livein = self.body.resolve_alias(livein);
visitor.visitor.visit_use(livein); visitor.visitor.visit_use(livein);
} }
// Visit all insts. // Visit all insts.

8
src/fuzzing.rs
View file

@ -34,6 +34,14 @@ pub fn reject(bytes: &[u8]) -> bool {
} }
} }
} }
wasmparser::Payload::MemorySection(mut reader) => {
for _ in 0..reader.get_count() {
let m = reader.read().unwrap();
if m.maximum.is_none() || m.maximum.unwrap() > 100 {
return true;
}
}
}
_ => {} _ => {}
} }
} }