[WebAssembly] Check function type indexes

author Nicholas Wilson <nicholas@nicholaswilson.me.uk>

Fri, 2 Mar 2018 14:35:29 +0000 (14:35 +0000)

committer Nicholas Wilson <nicholas@nicholaswilson.me.uk>

Fri, 2 Mar 2018 14:35:29 +0000 (14:35 +0000)
author Nicholas Wilson <nicholas@nicholaswilson.me.uk>
Fri, 2 Mar 2018 14:35:29 +0000 (14:35 +0000)
committer Nicholas Wilson <nicholas@nicholaswilson.me.uk>
Fri, 2 Mar 2018 14:35:29 +0000 (14:35 +0000)
diff --git a/lib/Object/WasmObjectFile.cpp b/lib/Object/WasmObjectFile.cpp

index b47d6bb..491a4cf 100644 (file)
--- a/lib/Object/WasmObjectFile.cpp
+++ b/lib/Object/WasmObjectFile.cpp
@@ -670,8 +670,13 @@ Error WasmObjectFile::parseImportSection(const uint8_t *Ptr, const uint8_t *End)
  Error WasmObjectFile::parseFunctionSection(const uint8_t *Ptr, const uint8_t *End) {
    uint32_t Count = readVaruint32(Ptr);
    FunctionTypes.reserve(Count);
+  uint32_t NumTypes = Signatures.size();
    while (Count--) {
-    FunctionTypes.push_back(readVaruint32(Ptr));
+    uint32_t Type = readVaruint32(Ptr);
+    if (Type >= NumTypes)
+      return make_error<GenericBinaryError>("Invalid function type",
+                                            object_error::parse_failed);
+    FunctionTypes.push_back(Type);
    }
    if (Ptr != End)
      return make_error<GenericBinaryError>("Function section ended prematurely",
diff --git a/test/ObjectYAML/wasm/export_section.yaml b/test/ObjectYAML/wasm/export_section.yaml

index 4dd62bd..5e0d6d4 100644 (file)
--- a/test/ObjectYAML/wasm/export_section.yaml
+++ b/test/ObjectYAML/wasm/export_section.yaml
@@ -3,6 +3,11 @@
  FileHeader:
    Version:         0x00000001
  Sections:
+  - Type:            TYPE
+    Signatures:
+      - Index:           0
+        ReturnType:      NORESULT
+        ParamTypes:
    - Type:            FUNCTION
      FunctionTypes: [ 0, 0 ]
    - Type:            GLOBAL
diff --git a/test/ObjectYAML/wasm/function_section.yaml b/test/ObjectYAML/wasm/function_section.yaml

index 571b762..0db0afd 100644 (file)
--- a/test/ObjectYAML/wasm/function_section.yaml
+++ b/test/ObjectYAML/wasm/function_section.yaml
@@ -3,6 +3,15 @@
  FileHeader:
    Version:         0x00000001
  Sections:
+  - Type:            TYPE
+    Signatures:
+      - Index:           0
+        ReturnType:      NORESULT
+        ParamTypes:
+      - Index:           1
+        ReturnType:      NORESULT
+        ParamTypes:
+          - I32
    - Type:            FUNCTION
      FunctionTypes: [ 1, 0 ]
  ...
author	Nicholas Wilson <nicholas@nicholaswilson.me.uk>
	Fri, 2 Mar 2018 14:35:29 +0000 (14:35 +0000)
committer	Nicholas Wilson <nicholas@nicholaswilson.me.uk>
	Fri, 2 Mar 2018 14:35:29 +0000 (14:35 +0000)
lib/Object/WasmObjectFile.cpp		patch \| blob \| history
test/ObjectYAML/wasm/export_section.yaml		patch \| blob \| history
test/ObjectYAML/wasm/function_section.yaml		patch \| blob \| history