ubsan: wasm: shift is too large for 64-bit type 'bfd_vma'
bfd/ * wasm-module.c (wasm_read_leb128): Don't allow oversize shifts. Catch value overflow. Sign extend only on terminating byte. opcodes/ * wasm32-dis.c (wasm_read_leb128): Don't allow oversize shifts. Catch value overflow. Sign extend only on terminating byte.
parent
09b0d8a75f
commit
27c1c4271a
@ -1,3 +1,8 @@
|
||||
2019-12-23 Alan Modra <amodra@gmail.com>
|
||||
|
||||
* wasm-module.c (wasm_read_leb128): Don't allow oversize shifts.
|
||||
Catch value overflow. Sign extend only on terminating byte.
|
||||
|
||||
2019-12-20 Alan Modra <amodra@gmail.com>
|
||||
|
||||
* xtensa-isa.c (xtensa_insnbuf_from_chars): Avoid signed overflow.
|
||||
|
@ -111,18 +111,28 @@ wasm_read_leb128 (bfd * abfd,
|
||||
unsigned int num_read = 0;
|
||||
unsigned int shift = 0;
|
||||
unsigned char byte = 0;
|
||||
bfd_boolean success = FALSE;
|
||||
int status = 1;
|
||||
|
||||
while (bfd_bread (&byte, 1, abfd) == 1)
|
||||
{
|
||||
num_read++;
|
||||
|
||||
if (shift < sizeof (result) * 8)
|
||||
{
|
||||
result |= ((bfd_vma) (byte & 0x7f)) << shift;
|
||||
|
||||
if ((result >> shift) != (byte & 0x7f))
|
||||
/* Overflow. */
|
||||
status |= 2;
|
||||
shift += 7;
|
||||
}
|
||||
else if ((byte & 0x7f) != 0)
|
||||
status |= 2;
|
||||
|
||||
if ((byte & 0x80) == 0)
|
||||
{
|
||||
success = TRUE;
|
||||
status &= ~1;
|
||||
if (sign && (shift < 8 * sizeof (result)) && (byte & 0x40))
|
||||
result |= -((bfd_vma) 1 << shift);
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -130,10 +140,7 @@ wasm_read_leb128 (bfd * abfd,
|
||||
if (length_return != NULL)
|
||||
*length_return = num_read;
|
||||
if (error_return != NULL)
|
||||
*error_return = ! success;
|
||||
|
||||
if (sign && (shift < 8 * sizeof (result)) && (byte & 0x40))
|
||||
result |= -((bfd_vma) 1 << shift);
|
||||
*error_return = status != 0;
|
||||
|
||||
return result;
|
||||
}
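Review bot: The overflow test `if ((result >> shift) != (byte & 0x7f))` ignores `sign`, so a valid signed value whose last group carries sign-extension bits above the top of `result` is reported as an error. Assuming `result` is 64 bits wide, at shift 63 a terminating byte of 0x7f (the tenth byte of a negative 64-bit value) stores only bit 63, the comparison fails and `status |= 2` is taken. The dropped bits should be accepted when `sign` is set, they are all ones and the stored top bit is set, as sketched below with two new `unsigned char` locals. The same check is in the wasm32-dis.c copy of wasm_read_leb128 in this commit, where the casts are `uint64_t`. The function starts above the hunk, so the declaration of `result` is not visible here.

```c
  unsigned char lost, mask;
  /* … unchanged: other locals, loop header, num_read++ … */
      if (shift < sizeof (result) * 8)
        {
          result |= ((bfd_vma) (byte & 0x7f)) << shift;
          /* Payload bits of this group that did not fit in result.  */
          lost = (byte & 0x7f) ^ (result >> shift);
          /* Bits of this group that lie above the top of result.  */
          mask = 0x7f ^ ((bfd_vma) 0x7f << shift >> shift);
          shift += 7;
        }
      else
        {
          lost = byte & 0x7f;
          mask = 0x7f;
        }
      /* Dropped bits must be zero, or all ones for a negative signed value.  */
      if ((lost & mask) != (sign && (bfd_signed_vma) result < 0 ? mask : 0))
        status |= 2;
      /* … unchanged: terminating-byte handling and sign extension … */
```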
|
||||
|
@ -1,3 +1,8 @@
|
||||
2019-12-23 Alan Modra <amodra@gmail.com>
|
||||
|
||||
* wasm32-dis.c (wasm_read_leb128): Don't allow oversize shifts.
|
||||
Catch value overflow. Sign extend only on terminating byte.
|
||||
|
||||
2019-12-20 Alan Modra <amodra@gmail.com>
|
||||
|
||||
PR 25281
|
||||
|
@ -192,18 +192,28 @@ wasm_read_leb128 (bfd_vma pc,
|
||||
unsigned int num_read = 0;
|
||||
unsigned int shift = 0;
|
||||
unsigned char byte = 0;
|
||||
bfd_boolean success = FALSE;
|
||||
int status = 1;
|
||||
|
||||
while (info->read_memory_func (pc + num_read, &byte, 1, info) == 0)
|
||||
{
|
||||
num_read++;
|
||||
|
||||
result |= ((bfd_vma) (byte & 0x7f)) << shift;
|
||||
|
||||
if (shift < sizeof (result) * 8)
|
||||
{
|
||||
result |= ((uint64_t) (byte & 0x7f)) << shift;
|
||||
if ((result >> shift) != (byte & 0x7f))
|
||||
/* Overflow. */
|
||||
status |= 2;
|
||||
shift += 7;
|
||||
}
|
||||
else if ((byte & 0x7f) != 0)
|
||||
status |= 2;
|
||||
|
||||
if ((byte & 0x80) == 0)
|
||||
{
|
||||
success = TRUE;
|
||||
status &= ~1;
|
||||
if (sign && (shift < 8 * sizeof (result)) && (byte & 0x40))
|
||||
result |= -((uint64_t) 1 << shift);
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -211,10 +221,7 @@ wasm_read_leb128 (bfd_vma pc,
|
||||
if (length_return != NULL)
|
||||
*length_return = num_read;
|
||||
if (error_return != NULL)
|
||||
*error_return = ! success;
|
||||
|
||||
if (sign && (shift < 8 * sizeof (result)) && (byte & 0x40))
|
||||
result |= -((uint64_t) 1 << shift);
|
||||
*error_return = status != 0;
|
||||
|
||||
return result;
|
||||
}
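Review bot: Once `shift` has passed the width of `result`, the `else if ((byte & 0x7f) != 0)` branch still accepts continuation bytes whose payload is zero, so a run of 0x80 bytes of any length followed by 0x00 decodes without error and `*length_return` grows with it. WebAssembly limits an LEB128 integer to ceil(N/7) bytes, and for a disassembler reading untrusted section data it is safer to treat any byte past that limit as malformed; if no caller relies on the padding, the branch can become a plain `else status |= 2;`. The same branch is in the wasm-module.c copy in this commit. A short comment at `int status = 1;` saying that bit 0 means no terminating byte was read and bit 1 means overflow would also help, since both collapse into one boolean in `*error_return`. The function begins above the hunk, so the type of `result` and the callers are not visible here.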
|
||||
|