
Commit f359b51

Fix threads opcodes' boundary check in classic-interp and fast-interp (#3136)
Using `CHECK_BULK_MEMORY_OVERFLOW(addr + offset, n, maddr)` for the boundary check may hit an integer overflow in `addr + offset`. Use `CHECK_MEMORY_OVERFLOW(n)` instead, which converts `addr` and `offset` to uint64 before adding them, avoiding the integer overflow.
1 parent d6d5072 commit f359b51


2 files changed

+65
-65
lines changed


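--- a/core/iwasm/interpreter/wasm_interp_classic.c
+++ b/core/iwasm/interpreter/wasm_interp_classic.c
@@ -728,7 +728,7 @@ trunc_f64_to_int(WASMModuleInstance *module, uint32 *frame_sp, float64 src_min,
 addr = POP_I32(); \
 \
 if (opcode == WASM_OP_ATOMIC_RMW_I32_##OP_NAME##8_U) { \
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 1, maddr); \
+CHECK_MEMORY_OVERFLOW(1); \
 CHECK_ATOMIC_MEMORY_ACCESS(); \
 \
 shared_memory_lock(memory); \
@@ -737,7 +737,7 @@ trunc_f64_to_int(WASMModuleInstance *module, uint32 *frame_sp, float64 src_min,
 shared_memory_unlock(memory); \
 } \
 else if (opcode == WASM_OP_ATOMIC_RMW_I32_##OP_NAME##16_U) { \
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 2, maddr); \
+CHECK_MEMORY_OVERFLOW(2); \
 CHECK_ATOMIC_MEMORY_ACCESS(); \
 \
 shared_memory_lock(memory); \
@@ -746,7 +746,7 @@ trunc_f64_to_int(WASMModuleInstance *module, uint32 *frame_sp, float64 src_min,
 shared_memory_unlock(memory); \
 } \
 else { \
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 4, maddr); \
+CHECK_MEMORY_OVERFLOW(4); \
 CHECK_ATOMIC_MEMORY_ACCESS(); \
 \
 shared_memory_lock(memory); \
@@ -768,7 +768,7 @@ trunc_f64_to_int(WASMModuleInstance *module, uint32 *frame_sp, float64 src_min,
 addr = POP_I32(); \
 \
 if (opcode == WASM_OP_ATOMIC_RMW_I64_##OP_NAME##8_U) { \
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 1, maddr); \
+CHECK_MEMORY_OVERFLOW(1); \
 CHECK_ATOMIC_MEMORY_ACCESS(); \
 \
 shared_memory_lock(memory); \
@@ -777,7 +777,7 @@ trunc_f64_to_int(WASMModuleInstance *module, uint32 *frame_sp, float64 src_min,
 shared_memory_unlock(memory); \
 } \
 else if (opcode == WASM_OP_ATOMIC_RMW_I64_##OP_NAME##16_U) { \
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 2, maddr); \
+CHECK_MEMORY_OVERFLOW(2); \
 CHECK_ATOMIC_MEMORY_ACCESS(); \
 \
 shared_memory_lock(memory); \
@@ -786,7 +786,7 @@ trunc_f64_to_int(WASMModuleInstance *module, uint32 *frame_sp, float64 src_min,
 shared_memory_unlock(memory); \
 } \
 else if (opcode == WASM_OP_ATOMIC_RMW_I64_##OP_NAME##32_U) { \
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 4, maddr); \
+CHECK_MEMORY_OVERFLOW(4); \
 CHECK_ATOMIC_MEMORY_ACCESS(); \
 \
 shared_memory_lock(memory); \
@@ -796,7 +796,7 @@ trunc_f64_to_int(WASMModuleInstance *module, uint32 *frame_sp, float64 src_min,
 } \
 else { \
 uint64 op_result; \
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 8, maddr); \
+CHECK_MEMORY_OVERFLOW(8); \
 CHECK_ATOMIC_MEMORY_ACCESS(); \
 \
 shared_memory_lock(memory); \
@@ -3864,7 +3864,7 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 
 notify_count = POP_I32();
 addr = POP_I32();
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 4, maddr);
+CHECK_MEMORY_OVERFLOW(4);
 CHECK_ATOMIC_MEMORY_ACCESS();
 
 ret = wasm_runtime_atomic_notify(
@@ -3884,7 +3884,7 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 timeout = POP_I64();
 expect = POP_I32();
 addr = POP_I32();
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 4, maddr);
+CHECK_MEMORY_OVERFLOW(4);
 CHECK_ATOMIC_MEMORY_ACCESS();
 
 ret = wasm_runtime_atomic_wait(
@@ -3908,7 +3908,7 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 timeout = POP_I64();
 expect = POP_I64();
 addr = POP_I32();
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 8, maddr);
+CHECK_MEMORY_OVERFLOW(8);
 CHECK_ATOMIC_MEMORY_ACCESS();
 
 ret = wasm_runtime_atomic_wait(
@@ -3941,21 +3941,21 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 addr = POP_I32();
 
 if (opcode == WASM_OP_ATOMIC_I32_LOAD8_U) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 1, maddr);
+CHECK_MEMORY_OVERFLOW(1);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 readv = (uint32)(*(uint8 *)maddr);
 shared_memory_unlock(memory);
 }
 else if (opcode == WASM_OP_ATOMIC_I32_LOAD16_U) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 2, maddr);
+CHECK_MEMORY_OVERFLOW(2);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 readv = (uint32)LOAD_U16(maddr);
 shared_memory_unlock(memory);
 }
 else {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 4, maddr);
+CHECK_MEMORY_OVERFLOW(4);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 readv = LOAD_I32(maddr);
@@ -3976,28 +3976,28 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 addr = POP_I32();
 
 if (opcode == WASM_OP_ATOMIC_I64_LOAD8_U) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 1, maddr);
+CHECK_MEMORY_OVERFLOW(1);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 readv = (uint64)(*(uint8 *)maddr);
 shared_memory_unlock(memory);
 }
 else if (opcode == WASM_OP_ATOMIC_I64_LOAD16_U) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 2, maddr);
+CHECK_MEMORY_OVERFLOW(2);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 readv = (uint64)LOAD_U16(maddr);
 shared_memory_unlock(memory);
 }
 else if (opcode == WASM_OP_ATOMIC_I64_LOAD32_U) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 4, maddr);
+CHECK_MEMORY_OVERFLOW(4);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 readv = (uint64)LOAD_U32(maddr);
 shared_memory_unlock(memory);
 }
 else {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 8, maddr);
+CHECK_MEMORY_OVERFLOW(8);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 readv = LOAD_I64(maddr);
@@ -4018,21 +4018,21 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 addr = POP_I32();
 
 if (opcode == WASM_OP_ATOMIC_I32_STORE8) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 1, maddr);
+CHECK_MEMORY_OVERFLOW(1);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 *(uint8 *)maddr = (uint8)sval;
 shared_memory_unlock(memory);
 }
 else if (opcode == WASM_OP_ATOMIC_I32_STORE16) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 2, maddr);
+CHECK_MEMORY_OVERFLOW(2);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 STORE_U16(maddr, (uint16)sval);
 shared_memory_unlock(memory);
 }
 else {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 4, maddr);
+CHECK_MEMORY_OVERFLOW(4);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 STORE_U32(maddr, sval);
@@ -4052,28 +4052,28 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 addr = POP_I32();
 
 if (opcode == WASM_OP_ATOMIC_I64_STORE8) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 1, maddr);
+CHECK_MEMORY_OVERFLOW(1);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 *(uint8 *)maddr = (uint8)sval;
 shared_memory_unlock(memory);
 }
 else if (opcode == WASM_OP_ATOMIC_I64_STORE16) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 2, maddr);
+CHECK_MEMORY_OVERFLOW(2);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 STORE_U16(maddr, (uint16)sval);
 shared_memory_unlock(memory);
 }
 else if (opcode == WASM_OP_ATOMIC_I64_STORE32) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 4, maddr);
+CHECK_MEMORY_OVERFLOW(4);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 STORE_U32(maddr, (uint32)sval);
 shared_memory_unlock(memory);
 }
 else {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 8, maddr);
+CHECK_MEMORY_OVERFLOW(8);
 CHECK_ATOMIC_MEMORY_ACCESS();
 shared_memory_lock(memory);
 PUT_I64_TO_ADDR((uint32 *)maddr, sval);
@@ -4093,7 +4093,7 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 addr = POP_I32();
 
 if (opcode == WASM_OP_ATOMIC_RMW_I32_CMPXCHG8_U) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 1, maddr);
+CHECK_MEMORY_OVERFLOW(1);
 CHECK_ATOMIC_MEMORY_ACCESS();
 
 expect = (uint8)expect;
@@ -4104,7 +4104,7 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 shared_memory_unlock(memory);
 }
 else if (opcode == WASM_OP_ATOMIC_RMW_I32_CMPXCHG16_U) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 2, maddr);
+CHECK_MEMORY_OVERFLOW(2);
 CHECK_ATOMIC_MEMORY_ACCESS();
 
 expect = (uint16)expect;
@@ -4115,7 +4115,7 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 shared_memory_unlock(memory);
 }
 else {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 4, maddr);
+CHECK_MEMORY_OVERFLOW(4);
 CHECK_ATOMIC_MEMORY_ACCESS();
 
 shared_memory_lock(memory);
@@ -4139,7 +4139,7 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 addr = POP_I32();
 
 if (opcode == WASM_OP_ATOMIC_RMW_I64_CMPXCHG8_U) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 1, maddr);
+CHECK_MEMORY_OVERFLOW(1);
 CHECK_ATOMIC_MEMORY_ACCESS();
 
 expect = (uint8)expect;
@@ -4150,7 +4150,7 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 shared_memory_unlock(memory);
 }
 else if (opcode == WASM_OP_ATOMIC_RMW_I64_CMPXCHG16_U) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 2, maddr);
+CHECK_MEMORY_OVERFLOW(2);
 CHECK_ATOMIC_MEMORY_ACCESS();
 
 expect = (uint16)expect;
@@ -4161,7 +4161,7 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 shared_memory_unlock(memory);
 }
 else if (opcode == WASM_OP_ATOMIC_RMW_I64_CMPXCHG32_U) {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 4, maddr);
+CHECK_MEMORY_OVERFLOW(4);
 CHECK_ATOMIC_MEMORY_ACCESS();
 
 expect = (uint32)expect;
@@ -4172,7 +4172,7 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
 shared_memory_unlock(memory);
 }
 else {
-CHECK_BULK_MEMORY_OVERFLOW(addr + offset, 8, maddr);
+CHECK_MEMORY_OVERFLOW(8);
 CHECK_ATOMIC_MEMORY_ACCESS();
 
 shared_memory_lock(memory);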
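Review bot: The new `CHECK_MEMORY_OVERFLOW(n)` calls no longer name the values the bounds check depends on: from the first hunk (`@@ -728,7 +728,7 @@`) onward the macro receives only the access size, yet `maddr` is dereferenced on the lines that follow, so it evidently reads `addr` and `offset` and assigns `maddr` from the enclosing scope. Because this check is what keeps a guest-supplied address inside linear memory, a short comment above the first call in each atomic RMW macro and in the atomic load/store cases would make that contract visible, e.g. `/* CHECK_MEMORY_OVERFLOW(n): reads addr and offset, sets maddr on success */`. The macro definition is outside this section, so the uint64 widening is taken from the commit description and should be confirmed against it. No test change is visible on this page; a regression case that runs an atomic load or store whose `addr + offset` exceeds the 32-bit range and expects an out-of-bounds trap would pin the fix for all 31 call sites in this file. The enclosing macros and `wasm_interp_call_func_bytecode` start and end outside the hunks.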
