Fix address overflow bug in wasm2c #1401

binji · 2020-04-29T00:15:34Z

This only occurs when the immediate offset is small (int sized). The
stack offset is u32 and the immediate is an int, so the usual
arithmetic conversions converts the result to a u32, which wraps the
address before checking for overflow.

There are already spec tests for overflow, but these use an offset of
4294967295, which is long (at least on LP64 systems). This means
that the sum's type is u32 + long which is long. This is why the
tests pass. I've added additional tests for these cases here:
WebAssembly/spec#1188

This fixes issue #1400.

This only occurs when the immediate offset is small (`int` sized). The stack offset is `u32` and the immediate is an `int`, so the usual arithmetic conversions converts the result to a `u32`, which wraps the address before checking for overflow. There are already spec tests for overflow, but these use an offset of `4294967295`, which is `long` (at least on LP64 systems). This means that the sum's type is `u32 + long` which is `long`. This is why the tests pass. I've added additional tests for these cases here: WebAssembly/spec#1188 This fixes issue #1400.

binji requested a review from sbc100 April 29, 2020 00:15

sbc100 approved these changes Apr 29, 2020

View reviewed changes

binji merged commit 5c48f3b into master Apr 29, 2020

binji deleted the wasm2c-address-overflow branch April 29, 2020 07:31

kripken mentioned this pull request Apr 29, 2020

wasm2c load/store offset calculation #1400

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix address overflow bug in wasm2c #1401

Fix address overflow bug in wasm2c #1401

binji commented Apr 29, 2020

Fix address overflow bug in wasm2c #1401

Fix address overflow bug in wasm2c #1401

Conversation

binji commented Apr 29, 2020