[fuzzing] Use software bound-check during fuzzing (#4003)

lum1n0us · web-flow · commit 9989b1cc1bdf · 2025-01-06T11:36:11.000+08:00
* Update CMakeLists.txt of fuzzing

- enable software bound-check
- enable wasi
- disable libc builtin and multiple modules

* Fix off-by-one error in result offset calculation for function calls
diff --git a/core/iwasm/interpreter/wasm_interp_fast.c b/core/iwasm/interpreter/wasm_interp_fast.c
@@ -1670,7 +1670,8 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
             {
                 uint32 ret_idx;
                 WASMFuncType *func_type;
-                uint32 off, ret_offset;
+                int32 off;
+                uint32 ret_offset;
                 uint8 *ret_types;
                 if (cur_func->is_import_func)
                     func_type = cur_func->u.func_import->func_type;
@@ -1682,9 +1683,9 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
                 ret_offset = prev_frame->ret_offset;
 
                 for (ret_idx = 0,
-                    off = sizeof(int16) * (func_type->result_count - 1);
+                    off = (int32)sizeof(int16) * (func_type->result_count - 1);
                      ret_idx < func_type->result_count;
-                     ret_idx++, off -= sizeof(int16)) {
+                     ret_idx++, off -= (int32)sizeof(int16)) {
                     if (ret_types[ret_idx] == VALUE_TYPE_I64
                         || ret_types[ret_idx] == VALUE_TYPE_F64) {
                         PUT_I64_TO_ADDR(prev_frame->lp + ret_offset,
diff --git a/tests/fuzz/wasm-mutator-fuzz/CMakeLists.txt b/tests/fuzz/wasm-mutator-fuzz/CMakeLists.txt
@@ -66,7 +66,7 @@ if (NOT DEFINED WAMR_BUILD_JIT)
 endif ()
 
 if (NOT DEFINED WAMR_BUILD_LIBC_BUILTIN)
-  # Enable libc builtin support by default
+  # Disable libc builtin support by default
   set (WAMR_BUILD_LIBC_BUILTIN 0)
 endif ()
 
@@ -81,7 +81,7 @@ if (NOT DEFINED WAMR_BUILD_FAST_INTERP)
 endif ()
 
 if (NOT DEFINED WAMR_BUILD_MULTI_MODULE)
-  # Enable multiple modules
+  # Disable multiple modules
   set (WAMR_BUILD_MULTI_MODULE 0)
 endif ()
 
@@ -116,6 +116,10 @@ if (WAMR_BUILD_DEBUG_INTERP EQUAL 1)
   set (WAMR_BUILD_SIMD 0)
 endif ()
 
+# sanitizer may use kHandleSignalExclusive to handle SIGSEGV
+# like `UBSAN_OPTIONS=handle_segv=2:...`
+set (WAMR_DISABLE_HW_BOUND_CHECK 1)
+
 set (REPO_ROOT_DIR ${CMAKE_CURRENT_LIST_DIR}/../../..)
 message([ceith]:REPO_ROOT_DIR, ${REPO_ROOT_DIR})
 
