InstanceHandler::memory_grow performs unsynchronized write to shared memory #1632

Closed
bjorn3 opened this issue Sep 17, 2020 · 1 comment · Fixed by #2892
Labels
bug Something isn't working 📦 lib-vm About wasmer-vm priority-medium Medium priority issue 🚧 work in progress

bjorn3 commented Sep 17, 2020

```rust
pub(crate) fn memory_grow<IntoPages>(
```

This happens through `set_memory`:

```rust
*self.memory_ptr(index).as_ptr() = mem.clone();
```

Because `InstanceHandler` is `Send` and `Clone` shares the same underlying `Instance`, this can cause two threads to write to the same place at the same time in a non-atomic way. This is a data race. Because `VMMemoryDefinition` is bigger than a pointer, this will cause a mangled value to be stored in some cases, even if LLVM doesn't take advantage of the UB.
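The report above concerns a multi-word definition overwritten through cloned handles with no synchronization. The following is an added example, not Wasmer's code and not the change referenced as #2892: it shows one way to publish both words under a single lock so that no thread can observe or produce a half-updated pair. `MemDef`, `Handle`, `run` and the `base = 0x10000 + len` relation are hypothetical names and a constructed invariant, used only to make a torn pair detectable.

```rust
use std::sync::{Arc, Mutex};
use std::thread;

const PAGE: usize = 65536; // WebAssembly page size in bytes

/// Hypothetical two-word definition (constructed; not Wasmer's real type).
#[derive(Clone, Copy)]
struct MemDef {
    base: usize, // stand-in for the base pointer
    len: usize,  // current length in bytes
}

impl MemDef {
    /// Constructed invariant: `base` is tied to `len`, so a mixed old/new pair shows up.
    fn for_len(len: usize) -> Self { MemDef { base: 0x10000 + len, len } }
    fn is_consistent(&self) -> bool { self.base == 0x10000 + self.len }
}

/// Hypothetical handle: every clone shares the same slot.
#[derive(Clone)]
struct Handle(Arc<Mutex<MemDef>>);

impl Handle {
    /// Read-modify-write of both words under one lock acquisition.
    fn grow(&self, pages: usize) -> MemDef {
        let mut def = self.0.lock().unwrap();
        let new_len = def.len + pages * PAGE;
        *def = MemDef::for_len(new_len);
        *def
    }
    fn get(&self) -> MemDef { *self.0.lock().unwrap() }
}

/// Returns (inconsistent observations, final length in bytes).
fn run(threads: usize, grows: usize) -> (usize, usize) {
    let handle = Handle(Arc::new(Mutex::new(MemDef::for_len(0))));
    let workers: Vec<_> = (0..threads).map(|_| {
        let h = handle.clone();
        thread::spawn(move || {
            (0..grows).filter(|_| !h.grow(1).is_consistent() || !h.get().is_consistent()).count()
        })
    }).collect();
    let torn: usize = workers.into_iter().map(|w| w.join().unwrap()).sum();
    (torn, handle.get().len)
}

fn main() {
    println!("{:?}", run(4, 1000));
}
```

Because the length is read and rewritten inside the same critical section, concurrent grows are also not lost: the final length equals the sum of all requested pages.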

@MarkMcCaskey MarkMcCaskey added 1.0 Wasmer at 1.0 bug Something isn't working labels Sep 21, 2020
@Hywan Hywan added 📦 lib-vm About wasmer-vm bug Something isn't working and removed bug Something isn't working 1.0 Wasmer at 1.0 labels Jul 16, 2021
@heyjdp heyjdp added this to the v3.0 milestone Apr 27, 2022
syrusakbary (Member) commented

We believe this will be solved by our refactor in Wasmer 3.0
