
Heap Overflow in WASI read/write API #323

Closed
@ha1vk

Description

The WASI API which uses iovs does not check the iovs' buf address and buf length; it would result in out of buffer.
Run the PoC and you will see the memory information leak.
If you build with ASan, you will see that a buffer overflow is detected:
root@ubuntu:~/Desktop# ./m3 ~/Desktop/wabt/bin/poc.wasm

==44312==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x631000038818 at pc 0x7f3b4c5ce93e bp 0x7ffcdce54020 sp 0x7ffcdce537c8
READ of size 28672 at 0x631000038818 thread T0
#0 0x7f3b4c5ce93d (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x4c93d)
.............

poc.wasm.zip
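
The missing check described in this report, as an added example that is not part of the original issue and is not wasm3's code: a host-side validator that confirms the iovs array and every buf/buf_len pair stay inside the guest's linear memory before any host read or write touches them. The names `guest_iovec_t`, `range_ok`, `check_iovs` and `demo` are hypothetical; the code assumes the wasm32 WASI iovec layout (two u32 fields) and a little-endian host.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* wasm32 WASI iovec as stored in guest memory: two u32 fields, 8 bytes. */
typedef struct { uint32_t buf; uint32_t buf_len; } guest_iovec_t;

/* True when [off, off + len) lies inside a linear memory of mem_size bytes.
 * Written as a subtraction so off + len can never wrap around. */
static int range_ok(uint64_t mem_size, uint32_t off, uint64_t len)
{
    return off <= mem_size && len <= mem_size - off;
}

/* Check the iovs array itself, then every buffer it describes.
 * Returns 0 and stores the byte total in *total, or -1 if any range
 * leaves linear memory. Assumes a little-endian host. */
int check_iovs(const uint8_t *mem, uint64_t mem_size,
               uint32_t iovs_off, uint32_t iovs_len, uint64_t *total)
{
    uint64_t sum = 0;
    if (!range_ok(mem_size, iovs_off, (uint64_t)iovs_len * sizeof(guest_iovec_t)))
        return -1;
    for (uint32_t i = 0; i < iovs_len; i++) {
        guest_iovec_t iov;
        memcpy(&iov, mem + iovs_off + (size_t)i * sizeof iov, sizeof iov);
        if (!range_ok(mem_size, iov.buf, iov.buf_len))
            return -1;
        sum += iov.buf_len;
    }
    *total = sum;
    return 0;
}

/* Constructed input: one 64 KiB page holding a single iovec at iovs_off. */
int demo(uint32_t iovs_off, uint32_t buf, uint32_t buf_len)
{
    static uint8_t mem[65536];
    guest_iovec_t iov = { buf, buf_len };
    uint64_t total = 0;
    if (range_ok(sizeof mem, iovs_off, sizeof iov))
        memcpy(mem + iovs_off, &iov, sizeof iov);
    return check_iovs(mem, sizeof mem, iovs_off, 1, &total);
}

int main(void)
{
    return (demo(8, 0x100, 16) == 0 && demo(8, 0xFFF0, 0x7000) == -1) ? 0 : 1;
}
```

The rejected case uses a length of 0x7000 (28672 bytes, the READ size in the ASan report above) with a constructed offset 16 bytes before the end of the page.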
