[WebAssembly] Validate exports when parsing object files

author Sam Clegg <sbc@chromium.org>

Thu, 31 Aug 2017 21:43:45 +0000 (21:43 +0000)

committer Sam Clegg <sbc@chromium.org>

Thu, 31 Aug 2017 21:43:45 +0000 (21:43 +0000)
author Sam Clegg <sbc@chromium.org>
Thu, 31 Aug 2017 21:43:45 +0000 (21:43 +0000)
committer Sam Clegg <sbc@chromium.org>
Thu, 31 Aug 2017 21:43:45 +0000 (21:43 +0000)
diff --git a/include/llvm/Object/Wasm.h b/include/llvm/Object/Wasm.h

index 07ee4a4d6c4dade1fc7034865e1522489ca48fc9..410e63c2a293cb930d141374aa555d7dd908d6be 100644 (file)
--- a/include/llvm/Object/Wasm.h
+++ b/include/llvm/Object/Wasm.h
@@ -221,6 +221,8 @@ private:
    uint32_t StartFunction = -1;
    bool HasLinkingSection = false;
    wasm::WasmLinkingData LinkingData;
+  uint32_t NumImportedGlobals = 0;
+  uint32_t NumImportedFunctions = 0;
  
    StringMap<uint32_t> SymbolMap;
  };
diff --git a/lib/Object/WasmObjectFile.cpp b/lib/Object/WasmObjectFile.cpp

index 91fc6138cd6cea2aa454a5cc5f84716684d1a38a..8a2fb38f58ac8c9c44302ab5c6b5d15fd9fa3732 100644 (file)
--- a/lib/Object/WasmObjectFile.cpp
+++ b/lib/Object/WasmObjectFile.cpp
@@ -472,6 +472,7 @@ Error WasmObjectFile::parseImportSection(const uint8_t *Ptr, const uint8_t *End)
      Im.Kind = readUint8(Ptr);
      switch (Im.Kind) {
      case wasm::WASM_EXTERNAL_FUNCTION:
+      NumImportedFunctions++;
        Im.SigIndex = readVaruint32(Ptr);
        SymbolMap.try_emplace(Im.Field, Symbols.size());
        Symbols.emplace_back(Im.Field, WasmSymbol::SymbolType::FUNCTION_IMPORT,
@@ -480,6 +481,7 @@ Error WasmObjectFile::parseImportSection(const uint8_t *Ptr, const uint8_t *End)
                     << " sym index:" << Symbols.size() << "\n");
        break;
      case wasm::WASM_EXTERNAL_GLOBAL:
+      NumImportedGlobals++;
        Im.Global.Type = readVarint7(Ptr);
        Im.Global.Mutable = readVaruint1(Ptr);
        SymbolMap.try_emplace(Im.Field, Symbols.size());
@@ -580,10 +582,16 @@ Error WasmObjectFile::parseExportSection(const uint8_t *Ptr, const uint8_t *End)
      switch (Ex.Kind) {
      case wasm::WASM_EXTERNAL_FUNCTION:
        ExportType = WasmSymbol::SymbolType::FUNCTION_EXPORT;
+      if (Ex.Index >= FunctionTypes.size() + NumImportedFunctions)
+        return make_error<GenericBinaryError>("Invalid function export",
+                                              object_error::parse_failed);
        MakeSymbol = true;
        break;
      case wasm::WASM_EXTERNAL_GLOBAL:
        ExportType = WasmSymbol::SymbolType::GLOBAL_EXPORT;
+      if (Ex.Index >= Globals.size() + NumImportedGlobals)
+        return make_error<GenericBinaryError>("Invalid global export",
+                                              object_error::parse_failed);
        MakeSymbol = true;
        break;
      case wasm::WASM_EXTERNAL_MEMORY:
diff --git a/test/ObjectYAML/wasm/export_section.yaml b/test/ObjectYAML/wasm/export_section.yaml

index 89ebee328246949c9c9addd11c4583f35864a98a..8c5f57c29920aaf9c134b57cba9b817ad8f79d57 100644 (file)
--- a/test/ObjectYAML/wasm/export_section.yaml
+++ b/test/ObjectYAML/wasm/export_section.yaml
@@ -3,6 +3,20 @@
  FileHeader:
    Version:         0x00000001
  Sections:
+  - Type:            FUNCTION
+    FunctionTypes: [ 0, 0 ]
+  - Type:            GLOBAL
+    Globals:
+      - Type:        I32
+        Mutable:     false
+        InitExpr:
+          Opcode:          I64_CONST
+          Value:           32
+      - Type:        I32
+        Mutable:     false
+        InitExpr:
+          Opcode:          I64_CONST
+          Value:           64
    - Type:            EXPORT
      Exports:         
        - Name:            function_export
diff --git a/test/ObjectYAML/wasm/invalid_export.yaml b/test/ObjectYAML/wasm/invalid_export.yaml

new file mode 100644 (file)

index 0000000..a61f8c4
--- /dev/null
+++ b/test/ObjectYAML/wasm/invalid_export.yaml
@@ -0,0 +1,13 @@
+# RUN: yaml2obj < %s | not obj2yaml 2>&1 | FileCheck %s
+
+--- !WASM
+FileHeader:
+  Version:         0x00000001
+Sections:
+  - Type:            EXPORT
+    Exports:
+      - Name:            invalid_function_index
+        Kind:            FUNCTION
+        Index:           0x00000001
+
+# CHECK: Error reading file: <stdin>: Invalid function export
diff --git a/test/tools/llvm-nm/wasm/exports.yaml b/test/tools/llvm-nm/wasm/exports.yaml

index c8cb2db0db73274a75f63085ef6746b4dc6cbd69..6d2f12d1feba31fb2ce6dd02b87c64bf744b3e96 100644 (file)
--- a/test/tools/llvm-nm/wasm/exports.yaml
+++ b/test/tools/llvm-nm/wasm/exports.yaml
@@ -12,6 +12,25 @@ Sections:
        - ReturnType:      I32
          ParamTypes:
            - I32
+  - Type:            FUNCTION
+    FunctionTypes: [ 0, 0, 0, 0, 0 ]
+  - Type:            GLOBAL
+    Globals:
+      - Type:        I32
+        Mutable:     false
+        InitExpr:
+          Opcode:          I64_CONST
+          Value:           32
+      - Type:        I32
+        Mutable:     false
+        InitExpr:
+          Opcode:          I64_CONST
+          Value:           64
+      - Type:        I32
+        Mutable:     false
+        InitExpr:
+          Opcode:          I64_CONST
+          Value:           1024
    - Type:            EXPORT
      Exports:
        - Name:            foo
diff --git a/test/tools/llvm-nm/wasm/weak-symbols.yaml b/test/tools/llvm-nm/wasm/weak-symbols.yaml

index d46ca1afe8ead5af53d79f6fb1843190dc69a7fd..b0796d607e5194ac2770f30289f2e0c4be3720d0 100644 (file)
--- a/test/tools/llvm-nm/wasm/weak-symbols.yaml
+++ b/test/tools/llvm-nm/wasm/weak-symbols.yaml
@@ -12,6 +12,8 @@ Sections:
        - ReturnType:      I32
          ParamTypes:
            - I32
+  - Type:            FUNCTION
+    FunctionTypes: [ 0, 0, 0, 0 ]
    - Type:            IMPORT
      Imports:
        - Module:          env
@@ -23,6 +25,23 @@ Sections:
          Kind:            GLOBAL
          GlobalType:      I32
          GlobalMutable:   false
+  - Type:            GLOBAL
+    Globals:
+      - Type:        I32
+        Mutable:     false
+        InitExpr:
+          Opcode:          I64_CONST
+          Value:           32
+      - Type:        I32
+        Mutable:     false
+        InitExpr:
+          Opcode:          I64_CONST
+          Value:           64
+      - Type:        I32
+        Mutable:     false
+        InitExpr:
+          Opcode:          I64_CONST
+          Value:           1024
    - Type:            EXPORT
      Exports:
        - Name:            weak_global_func
author	Sam Clegg <sbc@chromium.org>
	Thu, 31 Aug 2017 21:43:45 +0000 (21:43 +0000)
committer	Sam Clegg <sbc@chromium.org>
	Thu, 31 Aug 2017 21:43:45 +0000 (21:43 +0000)
include/llvm/Object/Wasm.h		patch \| blob \| history
lib/Object/WasmObjectFile.cpp		patch \| blob \| history
test/ObjectYAML/wasm/export_section.yaml		patch \| blob \| history
test/ObjectYAML/wasm/invalid_export.yaml	[new file with mode: 0644]	patch \| blob
test/tools/llvm-nm/wasm/exports.yaml		patch \| blob \| history
test/tools/llvm-nm/wasm/weak-symbols.yaml		patch \| blob \| history