Add counter for Sandbox instances seen and prevent loading libraries …

…after init
libriscv · Nov 20, 2024 · c4686b0 · c4686b0
1 parent 751db18
commit c4686b0
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 4 deletions.
diff --git a/src/sandbox.cpp b/src/sandbox.cpp
@@ -221,7 +221,8 @@ Sandbox::Sandbox() {
 	}
 	this->constructor_initialize();
 	this->m_tree_base = this;
-	this->m_global_instance_count += 1;
+	this->m_global_instances_current += 1;
+	this->m_global_instances_seen += 1;
 	// In order to reduce checks we guarantee that this
 	// class is well-formed at all times.
 	this->reset_machine();
@@ -237,7 +238,7 @@ Sandbox::~Sandbox() {
 	if (this->is_in_vmcall()) {
 		ERR_PRINT("Sandbox instance destroyed while a VM call is in progress.");
 	}
-	this->m_global_instance_count -= 1;
+	this->m_global_instances_current -= 1;
 	this->set_program_data_internal(nullptr);
 	try {
 		if (this->m_machine != dummy_machine)

diff --git a/src/sandbox.h b/src/sandbox.h
@@ -154,7 +154,7 @@ class Sandbox : public Node {
 
 	/// @brief Get the global instance count of all sandbox instances.
 	/// @return The global instance count.
-	static uint64_t get_global_instance_count() { return m_global_instance_count; }
+	static uint64_t get_global_instance_count() { return m_global_instances_current; }
 
 	/// @brief Get the globally accumulated startup time of all sandbox instantiations.
 	/// @return The accumulated startup time.
@@ -563,7 +563,8 @@ class Sandbox : public Node {
 	static inline uint64_t m_global_timeouts = 0;
 	static inline uint64_t m_global_exceptions = 0;
 	static inline uint64_t m_global_calls_made = 0;
-	static inline uint32_t m_global_instance_count = 0;
+	static inline uint32_t m_global_instances_current = 0; // Counts the number of current instances
+	static inline uint32_t m_global_instances_seen = 0; // Incremented for each instance created
 	static inline double m_accumulated_startup_time = 0.0;
 };
 

diff --git a/src/sandbox_bintr.cpp b/src/sandbox_bintr.cpp
@@ -62,6 +62,11 @@ String Sandbox::emit_binary_translation(bool ignore_instruction_limit, bool auto
 }
 
 bool Sandbox::load_binary_translation(const String &shared_library_path) {
+	if (m_global_instances_seen > 0) {
+		ERR_PRINT("Sandbox: Loading shared libraries after Sandbox instances have been created is a security risk."
+			"Please load shared libraries before creating any Sandbox instances.");
+		return false;
+	}
 #ifdef RISCV_BINARY_TRANSLATION
 	// Load the shared library on platforms that support it
 #  if defined(__linux__) || defined(YEP_IS_WINDOWS) || defined(YEP_IS_OSX)