From: Sam Clegg
Date: Thu, 31 Aug 2017 21:43:45 +0000 (+0000)
Subject: [WebAssembly] Validate exports when parsing object files
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=209d3c2d39caebe62f6f82160bbc6f8c89b7e28a;p=llvm
[WebAssembly] Validate exports when parsing object files
Subscribers: jfb, dschuff, jgravelle-google, aheejin
Differential Revision: https://reviews.llvm.org/D37358
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@312286 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/include/llvm/Object/Wasm.h b/include/llvm/Object/Wasm.h
index 07ee4a4d6c4..410e63c2a29 100644
--- a/include/llvm/Object/Wasm.h
+++ b/include/llvm/Object/Wasm.h
@@ -221,6 +221,8 @@ private:
 uint32_t StartFunction = -1;
 bool HasLinkingSection = false;
 wasm::WasmLinkingData LinkingData;
+ uint32_t NumImportedGlobals = 0;
+ uint32_t NumImportedFunctions = 0;
 StringMap SymbolMap;
 };
diff --git a/lib/Object/WasmObjectFile.cpp b/lib/Object/WasmObjectFile.cpp
index 91fc6138cd6..8a2fb38f58a 100644
--- a/lib/Object/WasmObjectFile.cpp
+++ b/lib/Object/WasmObjectFile.cpp
@@ -472,6 +472,7 @@ Error WasmObjectFile::parseImportSection(const uint8_t *Ptr, const uint8_t *End)
 Im.Kind = readUint8(Ptr);
 switch (Im.Kind) {
 case wasm::WASM_EXTERNAL_FUNCTION:
+ NumImportedFunctions++;
 Im.SigIndex = readVaruint32(Ptr);
 SymbolMap.try_emplace(Im.Field, Symbols.size());
 Symbols.emplace_back(Im.Field, WasmSymbol::SymbolType::FUNCTION_IMPORT,
@@ -480,6 +481,7 @@ Error WasmObjectFile::parseImportSection(const uint8_t *Ptr, const uint8_t *End)
 << " sym index:" << Symbols.size() << "\n");
 break;
 case wasm::WASM_EXTERNAL_GLOBAL:
+ NumImportedGlobals++;
 Im.Global.Type = readVarint7(Ptr);
 Im.Global.Mutable = readVaruint1(Ptr);
 SymbolMap.try_emplace(Im.Field, Symbols.size());
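Review bot: The new members `NumImportedGlobals` and `NumImportedFunctions` in Wasm.h are added without a comment, and their role is not obvious from the header alone. I would put `// Import counts; imports occupy the lowest indices of the function and global index spaces, so bounds checks add them to the defined counts.` above the two declarations. The class body starts outside this hunk.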
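Review bot: `NumImportedFunctions++` in the @@ -472 hunk and `NumImportedGlobals++` in the @@ -480 hunk only ever grow, so the export bound that depends on them is correct only if parseImportSection runs at most once per file. Whether a second IMPORT section is rejected is not visible in these hunks; if it is not, a malformed object could inflate the counts and an out-of-range export index would pass the new check. It is worth confirming that a section-uniqueness check exists, or stating the assumption next to the increments, e.g. `// Relies on at most one IMPORT section per object.` The function body starts and ends outside both hunks.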
@@ -580,10 +582,16 @@ Error WasmObjectFile::parseExportSection(const uint8_t *Ptr, const uint8_t *End)
 switch (Ex.Kind) {
 case wasm::WASM_EXTERNAL_FUNCTION:
 ExportType = WasmSymbol::SymbolType::FUNCTION_EXPORT;
+ if (Ex.Index >= FunctionTypes.size() + NumImportedFunctions)
+ return make_error("Invalid function export",
+ object_error::parse_failed);
 MakeSymbol = true;
 break;
 case wasm::WASM_EXTERNAL_GLOBAL:
 ExportType = WasmSymbol::SymbolType::GLOBAL_EXPORT;
+ if (Ex.Index >= Globals.size() + NumImportedGlobals)
+ return make_error("Invalid global export",
+ object_error::parse_failed);
 MakeSymbol = true;
 break;
 case wasm::WASM_EXTERNAL_MEMORY:
diff --git a/test/ObjectYAML/wasm/export_section.yaml b/test/ObjectYAML/wasm/export_section.yaml
index 89ebee32824..8c5f57c2992 100644
--- a/test/ObjectYAML/wasm/export_section.yaml
+++ b/test/ObjectYAML/wasm/export_section.yaml
@@ -3,6 +3,20 @@
 FileHeader:
 Version: 0x00000001
 Sections:
+ - Type: FUNCTION
+ FunctionTypes: [ 0, 0 ]
+ - Type: GLOBAL
+ Globals:
+ - Type: I32
+ Mutable: false
+ InitExpr:
+ Opcode: I64_CONST
+ Value: 32
+ - Type: I32
+ Mutable: false
+ InitExpr:
+ Opcode: I64_CONST
+ Value: 64
 - Type: EXPORT
 Exports:
 - Name: function_export
diff --git a/test/ObjectYAML/wasm/invalid_export.yaml b/test/ObjectYAML/wasm/invalid_export.yaml
new file mode 100644
index 00000000000..a61f8c4cfde
--- /dev/null
+++ b/test/ObjectYAML/wasm/invalid_export.yaml
@@ -0,0 +1,13 @@
+# RUN: yaml2obj < %s | not obj2yaml 2>&1 | FileCheck %s
+
+--- !WASM
+FileHeader:
+ Version: 0x00000001
+Sections:
+ - Type: EXPORT
+ Exports:
+ - Name: invalid_function_index
+ Kind: FUNCTION
+ Index: 0x00000001
+
+# CHECK: Error reading file: : Invalid function export
diff --git a/test/tools/llvm-nm/wasm/exports.yaml b/test/tools/llvm-nm/wasm/exports.yaml
index c8cb2db0db7..6d2f12d1feb 100644
--- a/test/tools/llvm-nm/wasm/exports.yaml
+++ b/test/tools/llvm-nm/wasm/exports.yaml
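Review bot: Only the FUNCTION and GLOBAL cases gain a bounds check; the hunk stops at the `case wasm::WASM_EXTERNAL_MEMORY:` label, so it cannot be seen whether memory (or table) export indices read from the file are validated at all. If those cases also set `MakeSymbol`, the same range check against their own index space would be expected there. The two new checks would also read better with a one-line comment such as `// Index space is imports first, then module definitions.`, and with the rejected `Ex.Index` included in the error text to help triage malformed inputs. parseExportSection starts and ends outside the hunk.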
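Review bot: The globals added to export_section.yaml are declared `Type: I32` but initialised with `Opcode: I64_CONST`, a type mismatch that a stricter reader would reject. The fixture presumably passes only because the init expression is not type-checked against the global's type at this point. Using `Opcode: I32_CONST` keeps the test about export validation and stops it from breaking when such a check is added. The same applies to the GLOBAL sections added in llvm-nm/wasm/exports.yaml and llvm-nm/wasm/weak-symbols.yaml.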
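Review bot: The new invalid_export.yaml exercises only the function branch, so the `Invalid global export` path added in parseExportSection has no negative test. A sibling case with `Kind: GLOBAL` and a `# CHECK:` line ending in `Invalid global export` would cover it. With no FUNCTION section the valid range is empty, so `Index: 0x00000000` is the tightest input and would also pin the `>=` comparison, which `Index: 0x00000001` does not.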
@@ -12,6 +12,25 @@ Sections:
 - ReturnType: I32
 ParamTypes:
 - I32
+ - Type: FUNCTION
+ FunctionTypes: [ 0, 0, 0, 0, 0 ]
+ - Type: GLOBAL
+ Globals:
+ - Type: I32
+ Mutable: false
+ InitExpr:
+ Opcode: I64_CONST
+ Value: 32
+ - Type: I32
+ Mutable: false
+ InitExpr:
+ Opcode: I64_CONST
+ Value: 64
+ - Type: I32
+ Mutable: false
+ InitExpr:
+ Opcode: I64_CONST
+ Value: 1024
 - Type: EXPORT
 Exports:
 - Name: foo
diff --git a/test/tools/llvm-nm/wasm/weak-symbols.yaml b/test/tools/llvm-nm/wasm/weak-symbols.yaml
index d46ca1afe8e..b0796d607e5 100644
--- a/test/tools/llvm-nm/wasm/weak-symbols.yaml
+++ b/test/tools/llvm-nm/wasm/weak-symbols.yaml
@@ -12,6 +12,8 @@ Sections:
 - ReturnType: I32
 ParamTypes:
 - I32
+ - Type: FUNCTION
+ FunctionTypes: [ 0, 0, 0, 0 ]
 - Type: IMPORT
 Imports:
 - Module: env
@@ -23,6 +25,23 @@ Sections:
 Kind: GLOBAL
 GlobalType: I32
 GlobalMutable: false
+ - Type: GLOBAL
+ Globals:
+ - Type: I32
+ Mutable: false
+ InitExpr:
+ Opcode: I64_CONST
+ Value: 32
+ - Type: I32
+ Mutable: false
+ InitExpr:
+ Opcode: I64_CONST
+ Value: 64
+ - Type: I32
+ Mutable: false
+ InitExpr:
+ Opcode: I64_CONST
+ Value: 1024
 - Type: EXPORT
 Exports:
 - Name: weak_global_func