<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - wasm: zero initialized arrays get encoded in data section"
href="https://bugs.llvm.org/show_bug.cgi?id=43673">43673</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>wasm: zero initialized arrays get encoded in data section
</td>
</tr>
<tr>
<th>Product</th>
<td>libraries
</td>
</tr>
<tr>
<th>Version</th>
<td>9.0
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Macintosh
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>Backend: WebAssembly
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>geert.aj.custers@gmail.com
</td>
</tr>
<tr>
<th>CC</th>
<td>llvm-bugs@lists.llvm.org
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=22669" name="attach_22669" title="source that causes the bug">attachment 22669</a></span>
source that causes the bug
Hello,
At the moment the values of global arrays get encoded into the data section of a
wasm module, without it being needed. Memory is guaranteed to be zero
initialized by the wasm spec. The result of this is that large zero initialized
arrays still get included in the data section of the module, leading to
extremely large binaries.
Attached is an example program that showcases the issue. Compiling the source
code results in a binary of size 9.5MB, mostly consisting of zeroes.
Multiplying the "number" variable by 10 increases the binary size to 95MB.
Clearly, adding a bunch more zeroes can lead to large binaries, so this could
be seen as an amplification attack...
I would expect clang/llvm to only describe the array in the globals section,
and not to paste the whole contents of the array in the data section if the
array is zero.
Regards,
Geert</pre>
</div>
</p>
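<p>One way to measure the effect described in this report, as an added example that is not part of the original report or of LLVM: a small parser that walks a wasm binary, finds the data section, and reports how many bytes of each segment are zero. It assumes each active segment's offset expression is a single i32.const, i64.const or global.get; the function names and the SAMPLE module are constructed for illustration.</p>

```python
SAMPLE = (  # constructed module: 1-page memory, a "hello" segment, a 64-byte zero segment
    b"\x00asm\x01\x00\x00\x00" b"\x05\x03\x01\x00\x01" b"\x0b\x51\x02"
    b"\x00\x41\x00\x0b\x05hello" b"\x00\x41\x80\x08\x0b\x40" + bytes(64)
)

def read_uleb(buf, pos):
    """Decode an unsigned LEB128 integer; return (value, next_pos)."""
    result = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        result |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return result, pos
        shift += 7

def skip_offset_expr(buf, pos):
    """Skip 'i32.const n' / 'i64.const n' / 'global.get i' followed by 'end'."""
    if buf[pos] not in (0x41, 0x42, 0x23):
        raise ValueError("unsupported offset expression (assumption: one constant op)")
    _, pos = read_uleb(buf, pos + 1)  # only the length of the immediate matters here
    if buf[pos] != 0x0B:
        raise ValueError("expected end opcode")
    return pos + 1

def data_segment_stats(module):
    """Return [(segment_size, zero_byte_count)] for the module's data section."""
    if module[:8] != b"\x00asm\x01\x00\x00\x00":
        raise ValueError("not a wasm version 1 binary")
    pos, stats = 8, []
    while len(module) > pos:
        section_id = module[pos]
        size, pos = read_uleb(module, pos + 1)
        end = pos + size
        if section_id == 11:  # data section
            count, pos = read_uleb(module, pos)
            for _ in range(count):
                flags, pos = read_uleb(module, pos)
                if flags not in (0, 1, 2):
                    raise ValueError("unknown data segment flags")
                if flags == 2:        # active segment with explicit memory index
                    _, pos = read_uleb(module, pos)
                if flags != 1:        # active segments carry an offset expression
                    pos = skip_offset_expr(module, pos)
                length, pos = read_uleb(module, pos)
                stats.append((length, module[pos:pos + length].count(0)))
                pos += length
        pos = end
    return stats

def zero_fraction(module):
    """Fraction of all data-segment bytes that are zero (0.0 if there are none)."""
    stats = data_segment_stats(module)
    total = sum(size for size, _ in stats)
    return sum(zeros for _, zeros in stats) / total if total else 0.0
```

<p>A fraction close to 1.0 on a multi-megabyte module points at zero-initialized data that is being shipped in the binary rather than left to the zero-initialized memory.</p>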
</body>
</html>