Closed
Description
the WASI API which uses iovs is not check the iovs' buf address and buf length,it would result in out of buffer.
run the poc,you will see the memory information leak

If you build with asan,you will see that buffer-overflow detected
root@ubuntu:~/Desktop# ./m3 ~/Desktop/wabt/bin/poc.wasm
==44312==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x631000038818 at pc 0x7f3b4c5ce93e bp 0x7ffcdce54020 sp 0x7ffcdce537c8
READ of size 28672 at 0x631000038818 thread T0
#0 0x7f3b4c5ce93d (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x4c93d)
.............
Metadata
Assignees
Labels
No labels