You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For example, when the input only contains (), wavm -c $FILE reports
=================================================================
==21660==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000000d0 at pc 0x00000089fb37 bp 0x7ffcd9799aa0 sp 0x7ffcd9799a98
READ of size 4 at 0x6020000000d0 thread T0
#0 0x89fb36 in loadModule(char const*, IR::Module&) /home/hongxu/FOT/WAVM/Include/Inline/CLI.h:147:5
#1 0x89d167 in run(CommandLineOptions const&) /home/hongxu/FOT/WAVM/Programs/wavm/wavm.cpp:140:6
#2 0x89d0a7 in main /home/hongxu/FOT/WAVM/Programs/wavm/wavm.cpp:404:9
#3 0x7f62a805bb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
#4 0x79fc09 in _start (/home/hongxu/FOT/WAVM/bin/wavm+0x79fc09)
0x6020000000d3 is located 0 bytes to the right of 3-byte region [0x6020000000d0,0x6020000000d3)
allocated by thread T0 here:
#0 0x898070 in operator new(unsigned long) (/home/hongxu/FOT/WAVM/bin/wavm+0x898070)
#1 0x8a511f in __gnu_cxx::new_allocator<unsigned char>::allocate(unsigned long, void const*) /usr/bin/../lib/gcc/x86_64-linux-gnu/7.3.0/../../../../include/c++/7.3.0/ext/new_allocator.h:111:27
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/hongxu/FOT/WAVM/Include/Inline/CLI.h:147:5 in loadModule(char const*, IR::Module&)
Shadow bytes around the buggy address:
0x0c047fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff8000: fa fa 00 fa fa fa 00 00 fa fa 00 00 fa fa 00 00
=>0x0c047fff8010: fa fa fd fa fa fa 00 00 fa fa[03]fa fa fa fa fa
0x0c047fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==21660==ABORTING
[1] 21660 abort ~/FOT/WAVM/bin/wavm -c ./test.wast
In another extreme case, when the input is empty string, it raises SIGSEGV.
The text was updated successfully, but these errors were encountered:
During loading module (https://github.com/WAVM/WAVM/blob/master/Include/Inline/CLI.h#L147, as of 234e8b9), there is a missing check for cases where file bytes are less than 4 bytes. This may crash wavm.
For example, when the input only contains
()
,wavm -c $FILE
reportsIn another extreme case, when the input is empty string, it raises
SIGSEGV
.The text was updated successfully, but these errors were encountered: