Version: version_103
System information: Ubuntu 20.04.1 LTS, clang version 10.0.0-4ubuntu1
command: ./wasm-opt POC1
POC1.zip
Result
2492902 abort
GDB information
Program received signal SIGABRT, Aborted.
[----------------------------------registers-----------------------------------]
RAX: 0x0
RBX: 0x7ffff6d4afc0 (0x00007ffff6d4afc0)
RCX: 0x7ffff6d9518b (<__GI_raise+203>: mov rax,QWORD PTR [rsp+0x108])
RDX: 0x0
RSI: 0x7fffffffb640 --> 0x0
RDI: 0x2
RBP: 0x7fffffffb8b0 --> 0x7fffffffb8c0 --> 0x7fffffffb8e0 --> 0x7fffffffb930 --> 0x7fffffffb9a0 --> 0x7fffffffb9d0 (--> ...)
RSP: 0x7fffffffb640 --> 0x0
RIP: 0x7ffff6d9518b (<__GI_raise+203>: mov rax,QWORD PTR [rsp+0x108])
R8 : 0x0
R9 : 0x7fffffffb640 --> 0x0
R10: 0x8
R11: 0x246
R12: 0x7ffff72ad360 --> 0x7ffff72a73d0 --> 0x7ffff7200400 (<_ZNSoD1Ev>: endbr64)
R13: 0x7ffff72ad360 --> 0x7ffff72a73d0 --> 0x7ffff7200400 (<_ZNSoD1Ev>: endbr64)
R14: 0x7fffffffccc0 --> 0x555555666f40 --> 0x0
R15: 0x555555656610 ("label$28")
EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x7ffff6d9517f <__GI_raise+191>: mov edi,0x2
   0x7ffff6d95184 <__GI_raise+196>: mov eax,0xe
   0x7ffff6d95189 <__GI_raise+201>: syscall
=> 0x7ffff6d9518b <__GI_raise+203>: mov rax,QWORD PTR [rsp+0x108]
   0x7ffff6d95193 <__GI_raise+211>: xor rax,QWORD PTR fs:0x28
   0x7ffff6d9519c <__GI_raise+220>: jne 0x7ffff6d951c4 <__GI_raise+260>
   0x7ffff6d9519e <__GI_raise+222>: mov eax,r8d
   0x7ffff6d951a1 <__GI_raise+225>: add rsp,0x118
[------------------------------------stack-------------------------------------]
0000| 0x7fffffffb640 --> 0x0
0008| 0x7fffffffb648 --> 0x7fffffffca00 --> 0x7fffffffd160 --> 0x0
0016| 0x7fffffffb650 --> 0x7fffffffca00 --> 0x7fffffffd160 --> 0x0
0024| 0x7fffffffb658 --> 0x7fffffffca00 --> 0x7fffffffd160 --> 0x0
0032| 0x7fffffffb660 --> 0x0
0040| 0x7fffffffb668 --> 0x55555568bdc0 ("label$53")
0048| 0x7fffffffb670 --> 0x7fffffffb6f0 --> 0xffffffffffffffff
0056| 0x7fffffffb678 --> 0x7ffff7be8775 (<_ZN4wasm17WasmBinaryBuilder13popExpressionEv+85>: test al,al)
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGABRT
__GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
gdb-peda$ bt
#0 __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007ffff6d74859 in __GI_abort () at abort.c:79
#2 0x00007ffff7d3ee48 in wasm::handle_unreachable(char const*, char const*, unsigned int) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#3 0x00007ffff7c84557 in wasm::Type::getHeapType() const () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#4 0x00007ffff7bd6a9c in wasm::BrOn::getSentType() () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#5 0x00007ffff789c965 in wasm::BranchUtils::operateOnScopeNameUsesAndSentTypes<wasm::BranchUtils::BranchSeeker::visitExpression(wasm::Expression*)::{lambda(wasm::Name&, wasm::Type)#1}>(wasm::Expression*, wasm::BranchUtils::BranchSeeker::visitExpression(wasm::Expression*)::{lambda(wasm::Name&, wasm::Type)#1})::{lambda(wasm::Name&)#1}::operator()(wasm::Name&) const () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#6 0x00007ffff789ca9d in void wasm::BranchUtils::operateOnScopeNameUses<wasm::BranchUtils::operateOnScopeNameUsesAndSentTypes<wasm::BranchUtils::BranchSeeker::visitExpression(wasm::Expression*)::{lambda(wasm::Name&, wasm::Type)#1}>(wasm::Expression*, wasm::BranchUtils::BranchSeeker::visitExpression(wasm::Expression*)::{lambda(wasm::Name&, wasm::Type)#1})::{lambda(wasm::Name&)#1}>(wasm::Expression*, wasm::BranchUtils::BranchSeeker::visitExpression(wasm::Expression*)::{lambda(wasm::Name&, wasm::Type)#1}) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#7 0x00007ffff789d22c in wasm::Walker<wasm::BranchUtils::BranchSeeker, wasm::UnifiedExpressionVisitor<wasm::BranchUtils::BranchSeeker, void> >::doVisitBrOn(wasm::BranchUtils::BranchSeeker*, wasm::Expression**) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#8 0x00007ffff7a01ef1 in wasm::BranchUtils::BranchSeeker::has(wasm::Expression*, wasm::Name) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#9 0x00007ffff7bd974f in wasm::handleUnreachable(wasm::Block*, wasm::Block::Breakability) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#10 0x00007ffff7c0f923 in wasm::WasmBinaryBuilder::getBlockOrSingleton(wasm::Type) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#11 0x00007ffff7c11f0d in wasm::WasmBinaryBuilder::visitIf(wasm::If*) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#12 0x00007ffff7c0acb2 in wasm::WasmBinaryBuilder::readExpression(wasm::Expression*&) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#13 0x00007ffff7c0ba5e in wasm::WasmBinaryBuilder::processExpressions() () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#14 0x00007ffff7c0f840 in wasm::WasmBinaryBuilder::getBlockOrSingleton(wasm::Type) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#15 0x00007ffff7c11fcd in wasm::WasmBinaryBuilder::visitIf(wasm::If*) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#16 0x00007ffff7c0acb2 in wasm::WasmBinaryBuilder::readExpression(wasm::Expression*&) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#17 0x00007ffff7c0ba5e in wasm::WasmBinaryBuilder::processExpressions() () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#18 0x00007ffff7c0f840 in wasm::WasmBinaryBuilder::getBlockOrSingleton(wasm::Type) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#19 0x00007ffff7c11f0d in wasm::WasmBinaryBuilder::visitIf(wasm::If*) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#20 0x00007ffff7c0acb2 in wasm::WasmBinaryBuilder::readExpression(wasm::Expression*&) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#21 0x00007ffff7c0ba5e in wasm::WasmBinaryBuilder::processExpressions() () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#22 0x00007ffff7c0f840 in wasm::WasmBinaryBuilder::getBlockOrSingleton(wasm::Type) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#23 0x00007ffff7c11f0d in wasm::WasmBinaryBuilder::visitIf(wasm::If*) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#24 0x00007ffff7c0acb2 in wasm::WasmBinaryBuilder::readExpression(wasm::Expression*&) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#25 0x00007ffff7c0ba5e in wasm::WasmBinaryBuilder::processExpressions() () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#26 0x00007ffff7c0f012 in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#27 0x00007ffff7c0b29e in wasm::WasmBinaryBuilder::readExpression(wasm::Expression*&) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#28 0x00007ffff7c0ba5e in wasm::WasmBinaryBuilder::processExpressions() () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#29 0x00007ffff7c0f840 in wasm::WasmBinaryBuilder::getBlockOrSingleton(wasm::Type) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#30 0x00007ffff7c1026b in wasm::WasmBinaryBuilder::readFunctions() () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#31 0x00007ffff7c11802 in wasm::WasmBinaryBuilder::read() () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#32 0x00007ffff7c3d766 in wasm::ModuleReader::readBinaryData(std::vector<char, std::allocator<char> >&, wasm::Module&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#33 0x00007ffff7c3df6c in wasm::ModuleReader::readBinary(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, wasm::Module&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#34 0x00007ffff7c3e641 in wasm::ModuleReader::read(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, wasm::Module&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#35 0x000055555557e5bb in main ()
#36 0x00007ffff6d760b3 in __libc_start_main (main=0x55555557cb40 <main>, argc=0x2, argv=0x7fffffffe258, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe248) at ../csu/libc-start.c:308
#37 0x000055555557f97e in _start ()
Add binary format parse checking for ref.as input type (#4389)
62d83d5
If that type is not valid then we cannot even create and finalize the node, which means we'd hit an assertion inside finalize(), before we reach the validator. Fixes #4383
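The ordering problem the commit message describes, as an added sketch that is not Binaryen's code: a reader that builds a node whose finalize() assumes a reference operand, with and without a parse-time check on the input type. The types, one-byte opcodes, function names and the `InternalAbort` exception standing in for abort() are all assumptions made for this toy model.

```cpp
#include <cstdint>
#include <stdexcept>
#include <vector>

// Toy model constructed for illustration; not Binaryen's types, opcodes or classes.
enum class Ty { I32, FuncRef };
static bool isRef(Ty t) { return t == Ty::FuncRef; }
struct ParseError : std::runtime_error { using std::runtime_error::runtime_error; };
// Stands in for the abort() that a failed internal assertion raises.
struct InternalAbort : std::logic_error { using std::logic_error::logic_error; };

struct RefAs {
  Ty value, type;
  void finalize() {  // invariant: the operand is a reference; a violation is a bug
    if (!isRef(value)) throw InternalAbort("finalize(): operand is not a reference");
    type = value;
  }
};

// Hypothetical one-byte opcodes of the toy format.
constexpr uint8_t OP_I32_CONST = 0x01, OP_REF_FUNC = 0x02, OP_REF_AS = 0x03;

// Reads a flat instruction stream while tracking operand types on a stack.
// With checkInput set, a bad operand is rejected before the node is built.
void readBody(const std::vector<uint8_t>& code, bool checkInput) {
  std::vector<Ty> stack;
  for (uint8_t op : code) {
    if (op == OP_I32_CONST) stack.push_back(Ty::I32);
    else if (op == OP_REF_FUNC) stack.push_back(Ty::FuncRef);
    else if (op == OP_REF_AS) {
      if (stack.empty()) throw ParseError("ref.as: operand stack is empty");
      Ty in = stack.back();
      stack.pop_back();
      if (checkInput && !isRef(in)) throw ParseError("ref.as: input is not a reference");
      RefAs node{in, in};
      node.finalize();  // reached with a non-reference operand only when unchecked
      stack.push_back(node.type);
    } else throw ParseError("unknown opcode");
  }
}

enum class Outcome { Ok, Rejected, Aborted };
Outcome classify(const std::vector<uint8_t>& code, bool checkInput) {
  try { readBody(code, checkInput); return Outcome::Ok; }
  catch (const ParseError&) { return Outcome::Rejected; }
  catch (const InternalAbort&) { return Outcome::Aborted; }
}

int main() {  // constructed malformed input: an i32 operand fed to ref.as
  return classify({OP_I32_CONST, OP_REF_AS}, true) == Outcome::Rejected ? 0 : 1;
}
```

A validator that runs after parsing never sees the malformed body in the unchecked path, because the node's own invariant fires first; the parse-time check turns the same input into an ordinary, reportable parse error.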