[PATCH] D43954: [WebAssembly] Check function type indexes

Nicholas Wilson via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Fri Mar 2 06:38:00 PST 2018 

This revision was automatically updated to reflect the committed changes.
Closed by commit rL326577: [WebAssembly] Check function type indexes (authored by ncw, committed by ).

Changed prior to commit:
  https://reviews.llvm.org/D43954?vs=136556&id=136738#toc

Repository:
  rL LLVM

https://reviews.llvm.org/D43954

Files:
  llvm/trunk/lib/Object/WasmObjectFile.cpp
  llvm/trunk/test/ObjectYAML/wasm/export_section.yaml
  llvm/trunk/test/ObjectYAML/wasm/function_section.yaml


Index: llvm/trunk/test/ObjectYAML/wasm/function_section.yaml
===================================================================
--- llvm/trunk/test/ObjectYAML/wasm/function_section.yaml
+++ llvm/trunk/test/ObjectYAML/wasm/function_section.yaml
@@ -3,6 +3,15 @@
 FileHeader:
   Version:         0x00000001
 Sections:
+  - Type:            TYPE
+    Signatures:
+      - Index:           0
+        ReturnType:      NORESULT
+        ParamTypes:
+      - Index:           1
+        ReturnType:      NORESULT
+        ParamTypes:
+          - I32
   - Type:            FUNCTION
     FunctionTypes: [ 1, 0 ]
 ...
Index: llvm/trunk/test/ObjectYAML/wasm/export_section.yaml
===================================================================
--- llvm/trunk/test/ObjectYAML/wasm/export_section.yaml
+++ llvm/trunk/test/ObjectYAML/wasm/export_section.yaml
@@ -3,6 +3,11 @@
 FileHeader:
   Version:         0x00000001
 Sections:
+  - Type:            TYPE
+    Signatures:
+      - Index:           0
+        ReturnType:      NORESULT
+        ParamTypes:
   - Type:            FUNCTION
     FunctionTypes: [ 0, 0 ]
   - Type:            GLOBAL
Index: llvm/trunk/lib/Object/WasmObjectFile.cpp
===================================================================
--- llvm/trunk/lib/Object/WasmObjectFile.cpp
+++ llvm/trunk/lib/Object/WasmObjectFile.cpp
@@ -670,8 +670,13 @@
 Error WasmObjectFile::parseFunctionSection(const uint8_t *Ptr, const uint8_t *End) {
   uint32_t Count = readVaruint32(Ptr);
   FunctionTypes.reserve(Count);
+  uint32_t NumTypes = Signatures.size();
   while (Count--) {
-    FunctionTypes.push_back(readVaruint32(Ptr));
+    uint32_t Type = readVaruint32(Ptr);
+    if (Type >= NumTypes)
+      return make_error<GenericBinaryError>("Invalid function type",
+                                            object_error::parse_failed);
+    FunctionTypes.push_back(Type);
   }
   if (Ptr != End)
     return make_error<GenericBinaryError>("Function section ended prematurely",


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D43954.136738.patch
Type: text/x-patch
Size: 1991 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20180302/0ef64c30/attachment.bin>

More information about the llvm-commits mailing list