projects / binutils-gdb.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: df08b58) | patch
ubsan: wasm32: signed integer overflow
authorAlan Modra <amodra@gmail.com>
Mon, 13 Jan 2020 03:57:19 +0000 (14:27 +1030)
committerAlan Modra <amodra@gmail.com>
Mon, 13 Jan 2020 06:14:27 +0000 (16:44 +1030)
commitfebda64f152972d8edf0147fb29f89b02f6a4cf9
tree530633bd36c29a3fd0715e8658777f665385aa9atree
parentdf08b5881b4972d78f9a2069955dad5b12bc972ecommit | diff
ubsan: wasm32: signed integer overflow

The signed integer overflow occurred when adding one to target_count
  for (i = 0; i < target_count + 1; i++)
but that's the least of the worries here.  target_count was long and i
int, leading to the possibility of a loop that never ended.

So to avoid this type of vulnerability, this patch uses what I believe
to be the proper types for arguments of various wasm32 opcodes, rather
than using "long" which may change in size.

gas/
* testsuite/gas/wasm32/allinsn.d: Update expected output.
opcodes/
* wasm32-dis.c (print_insn_wasm32): Localise variables.  Store
result of wasm_read_leb128 in a uint64_t and check that bits
are not lost when copying to other locals.  Use uint32_t for
most locals.  Use PRId64 when printing int64_t.
gas/ChangeLog diff | blob | history
gas/testsuite/gas/wasm32/allinsn.d diff | blob | history
opcodes/ChangeLog diff | blob | history
opcodes/wasm32-dis.c diff | blob | history