Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix an accidental regression from #697 #708

Merged
merged 2 commits into from
Aug 12, 2022

Conversation

alexcrichton
Copy link
Member

This commit fixes a regression introduced in #697 which could cause a
panic when validating an invalid wasm module. The issue introduced was
that a check that the control stack is non-empty was lost in
the refactoring of the operator validator. This check ran for every
single operator and verified that there was a frame on the control stack
that the operator could be attached to, otherwise it means instructions
were present after the end of the function.

The current design of VisitOperator doesn't have an easy place to slot
this in so I decided to fix this via a different route than was
implemented before. Anything which operates on the control stack now
checks to see if it's empty instead of asserting it's non-empty.
Operators which don't touch the control stack are then checked by
ensuring that the end opcode which emptied the control stack was the
last operator processed in the function.

This exposed a minor issue where when validating const expressions the
offset that was passed in as the final offset of the expression was
actually the first offset of the expression.

Additionally this adds some tests to exercise this corner case (unsure
why the spec test suite doesn't have them already!)

This commit fixes a regression introduced in bytecodealliance#697 which could cause a
panic when validating an invalid wasm module. The issue introduced was
that a [check that the control stack is non-empty][check] was lost in
the refactoring of the operator validator. This check ran for every
single operator and verified that there was a frame on the control stack
that the operator could be attached to, otherwise it means instructions
were present after the end of the function.

The current design of `VisitOperator` doesn't have an easy place to slot
this in so I decided to fix this via a different route than was
implemented before. Anything which operates on the control stack now
checks to see if it's empty instead of asserting it's non-empty.
Operators which don't touch the control stack are then checked by
ensuring that the `end` opcode which emptied the control stack was the
last operator processed in the function.

This exposed a minor issue where when validating const expressions the
offset that was passed in as the final offset of the expression was
actually the first offset of the expression.

Additionally this adds some tests to exercise this corner case (unsure
why the spec test suite doesn't have them already!)

[check]: https://github.com/bytecodealliance/wasm-tools/blob/8732e0bc8a579cd9f15d9134af997c5d3d95af5d/crates/wasmparser/src/validator/operators.rs#L581-L583
@fitzgen fitzgen merged commit 2f23f17 into bytecodealliance:main Aug 12, 2022
@alexcrichton alexcrichton deleted the fix-regression branch August 16, 2022 20:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants