Version: version_103
System information Ubuntu 20.04.1 LTS, clang version 10.0.0-4ubuntu1
command:
./wasm-dis POC2
POC2.zip
Result
[28] 3932046 segmentation fault ./wasm-dis
GDB information
Program received signal SIGSEGV, Segmentation fault.
[----------------------------------registers-----------------------------------]
RAX: 0x2
RBX: 0x7fffffffd390 --> 0x7fffffffd8c0 --> 0x0
RCX: 0x0
RDX: 0x0
RSI: 0xffffffff
RDI: 0x7fffffffd390 --> 0x7fffffffd8c0 --> 0x0
RBP: 0x7fffffffcf40 --> 0x7fffffffd030 --> 0x7fffffffd0a0 --> 0x7fffffffd100 --> 0x7fffffffd1e0 --> 0x7fffffffd370 (--> ...)
RSP: 0x7fffffffce90 --> 0x8
RIP: 0x7ffff7c1203c (<_ZN4wasm17WasmBinaryBuilder8visitLetEPNS_5BlockE+76>: mov rax,QWORD PTR [rdx+0x38])
R8 : 0x0
R9 : 0x0
R10: 0x7ffff74d633d ("_ZN4wasm17WasmBinaryBuilder16startControlFlowEPNS_10ExpressionE")
R11: 0x7ffff7be2080 (<_ZN4wasm17WasmBinaryBuilder16startControlFlowEPNS_10ExpressionE>: endbr64)
R12: 0x17
R13: 0x55555559ec68 --> 0x1
R14: 0x7fffffffcf80 --> 0x7fffffffd038 --> 0x7ffff7c0ba5e (<_ZN4wasm17WasmBinaryBuilder18processExpressionsEv+110>: mov rsi,QWORD PTR [rbp-0x60])
R15: 0x1
EFLAGS: 0x10202 (carry parity adjust zero sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x7ffff7c1202e <_ZN4wasm17WasmBinaryBuilder8visitLetEPNS_5BlockE+62>: mov rdx,QWORD PTR [rbx+0x148]
   0x7ffff7c12035 <_ZN4wasm17WasmBinaryBuilder8visitLetEPNS_5BlockE+69>: mov rdi,rbx
   0x7ffff7c12038 <_ZN4wasm17WasmBinaryBuilder8visitLetEPNS_5BlockE+72>: mov QWORD PTR [r13+0x8],rax
=> 0x7ffff7c1203c <_ZN4wasm17WasmBinaryBuilder8visitLetEPNS_5BlockE+76>: mov rax,QWORD PTR [rdx+0x38]
   0x7ffff7c12040 <_ZN4wasm17WasmBinaryBuilder8visitLetEPNS_5BlockE+80>: sub rax,QWORD PTR [rdx+0x30]
   0x7ffff7c12044 <_ZN4wasm17WasmBinaryBuilder8visitLetEPNS_5BlockE+84>: sar rax,0x3
   0x7ffff7c12048 <_ZN4wasm17WasmBinaryBuilder8visitLetEPNS_5BlockE+88>: mov r15,rax
   0x7ffff7c1204b <_ZN4wasm17WasmBinaryBuilder8visitLetEPNS_5BlockE+91>: mov QWORD PTR [rbp-0x88],rax
[------------------------------------stack-------------------------------------]
0000| 0x7fffffffce90 --> 0x8
0008| 0x7fffffffce98 --> 0x7fffffffcf10 --> 0x7fffffffcf80 --> 0x7fffffffd038 --> 0x7ffff7c0ba5e (<_ZN4wasm17WasmBinaryBuilder18processExpressionsEv+110>: mov rsi,QWORD PTR [rbp-0x60])
0016| 0x7fffffffcea0 --> 0x7fffffffd390 --> 0x7fffffffd8c0 --> 0x0
0024| 0x7fffffffcea8 --> 0x659c1cad59c48400
0032| 0x7fffffffceb0 --> 0x7fffffffd6c0 --> 0x55555558a7c0 --> 0x55555559ec50 --> 0xa ('\n')
0040| 0x7fffffffceb8 --> 0x7fffffffd390 --> 0x7fffffffd8c0 --> 0x0
0048| 0x7fffffffcec0 --> 0x7fffffffd390 --> 0x7fffffffd8c0 --> 0x0
0056| 0x7fffffffcec8 --> 0x7ffff76384e1 (<_ZN10MixedArena10allocSpaceEmm+65>: mov rbx,rax)
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x00007ffff7c1203c in wasm::WasmBinaryBuilder::visitLet(wasm::Block*) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
gdb-peda$ bt
#0  0x00007ffff7c1203c in wasm::WasmBinaryBuilder::visitLet(wasm::Block*) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#1  0x00007ffff7c0a742 in wasm::WasmBinaryBuilder::readExpression(wasm::Expression*&) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#2  0x00007ffff7c0ba5e in wasm::WasmBinaryBuilder::processExpressions() () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#3  0x00007ffff7c0bd06 in wasm::WasmBinaryBuilder::readExpression() () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#4  0x00007ffff7c0bec4 in wasm::WasmBinaryBuilder::readGlobals() () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#5  0x00007ffff7c117d0 in wasm::WasmBinaryBuilder::read() () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#6  0x00007ffff7c3d766 in wasm::ModuleReader::readBinaryData(std::vector<char, std::allocator<char> >&, wasm::Module&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#7  0x00007ffff7c3df6c in wasm::ModuleReader::readBinary(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, wasm::Module&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) () from /home/zxq/CVE_testing/sourceproject/binaryen/bin/../lib/libbinaryen.so
#8  0x000055555555966c in main ()
#9  0x00007ffff6ec50b3 in __libc_start_main (main=0x555555558d40 <main>, argc=0x2, argv=0x7fffffffe248, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe238) at ../csu/libc-start.c:308
#10 0x0000555555559d4e in _start ()
Add requireFunctionContext in necessary places (#4388)
b1f6298
Fixes #4384
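What the dump above pins down: the faulting instruction in visitLet is mov rax,QWORD PTR [rdx+0x38] with RDX = 0x0, and the backtrace reaches visitLet from readGlobals, so the reader is handling a let expression while parsing a global's init expression, where no function is being read. That is a null dereference of per-function state on attacker-controlled input, and the fix commit's title says the remedy is a requireFunctionContext check in the places that touch such state. The following is an added, illustrative C++ sketch of that guard pattern; it is not binaryen's code, the opcode values and the ExprReader/FunctionCtx/parseGlobalInit/parseInFunction names are assumptions made for the example, and the input byte strings are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Stand-in for the per-function state a binary reader keeps while inside a
// function body. While a global's init expression is read there is no such
// function, so the pointer is null (compare RDX = 0 in the crash dump).
struct FunctionCtx {
  std::vector<std::string> vars;  // locals declared so far
};

struct ParseException : std::runtime_error {
  using std::runtime_error::runtime_error;
};

class ExprReader {
public:
  // Opcode values are assumptions for this example, not a spec reference.
  static constexpr uint8_t OP_END = 0x0b;
  static constexpr uint8_t OP_LET = 0x17;
  static constexpr uint8_t OP_I32_CONST = 0x41;

  explicit ExprReader(std::vector<uint8_t> bytes) : bytes_(std::move(bytes)) {}

  FunctionCtx* currFunction = nullptr;  // null outside a function body

  // The guard the fix adds: refuse to touch function-local state when the
  // expression is being read outside a function, instead of dereferencing null.
  void requireFunctionContext(const char* what) {
    if (!currFunction) {
      throw ParseException(std::string(what) + " outside of a function context");
    }
  }

  // Reads one expression. Returns the number of locals visible after it.
  size_t readExpression() {
    uint8_t op = next();
    switch (op) {
      case OP_I32_CONST:
        readLEB();  // payload is skipped; its sign handling is irrelevant here
        return currFunction ? currFunction->vars.size() : 0;
      case OP_LET: {
        // 'let' declares locals, so it needs a function to put them in.
        requireFunctionContext("let");
        size_t count = readLEB();
        for (size_t i = 0; i < count; ++i) {
          currFunction->vars.push_back("let$" + std::to_string(i));
        }
        return currFunction->vars.size();
      }
      default:
        throw ParseException("unknown opcode " + std::to_string(op));
    }
  }

private:
  std::vector<uint8_t> bytes_;
  size_t pos_ = 0;

  uint8_t next() {
    if (pos_ >= bytes_.size()) throw ParseException("unexpected end of input");
    return bytes_[pos_++];
  }

  // Unsigned LEB128 bounded to 32 bits, so a run of continuation bytes in a
  // malformed file cannot shift past the value's width.
  size_t readLEB() {
    size_t value = 0;
    unsigned shift = 0;
    while (true) {
      uint8_t b = next();
      if (shift >= 32) throw ParseException("LEB128 too long");
      value |= static_cast<size_t>(b & 0x7f) << shift;
      if (!(b & 0x80)) return value;
      shift += 7;
    }
  }
};

// Global init expression: no function is active. 0 = clean parse, 1 = rejected.
int classifyGlobalInit(const std::vector<uint8_t>& bytes) {
  ExprReader r(bytes);
  r.currFunction = nullptr;
  try { r.readExpression(); return 0; }
  catch (const ParseException&) { return 1; }
}

// The same bytes read inside a function body; returns the local count.
size_t parseInFunction(const std::vector<uint8_t>& bytes) {
  FunctionCtx fn;
  ExprReader r(bytes);
  r.currFunction = &fn;
  return r.readExpression();
}

int main() {
  // Constructed inputs: a plain constant, and a 'let' with two locals.
  std::cout << classifyGlobalInit({ExprReader::OP_I32_CONST, 0x2a}) << "\n";  // 0
  std::cout << classifyGlobalInit({ExprReader::OP_LET, 0x02}) << "\n";        // 1
  std::cout << parseInFunction({ExprReader::OP_LET, 0x02}) << "\n";           // 2
  return 0;
}
```

The point of the shape: every opcode handler that reads through currFunction calls the guard first, so a crafted module that places such an opcode in a global initializer (or anywhere else with no active function) fails with a parse error rather than a segfault. For a fuzzing harness, the same parse error is what you want to see instead of SIGSEGV.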