[WebAssembly] Validate exports when parsing object files

Subscribers: jfb, dschuff, jgravelle-google, aheejin Differential Revision: https://reviews.llvm.org/D37358 llvm-svn: 312286
author: Sam Clegg <sbc@chromium.org> 2017-08-31 21:43:45 +0000
committer: Sam Clegg <sbc@chromium.org> 2017-08-31 21:43:45 +0000
commit: a3b9fe6acdf60b91b460358858daf57bdb88bdbd (patch)
tree: 35418c04a71ff8f058c3aa479cca1966b9d036b9 /llvm/lib/Object/WasmObjectFile.cpp
parent: 67419e39475f20e6b3164206f3233a0b1db896bf (diff)
download: llvm-a3b9fe6acdf60b91b460358858daf57bdb88bdbd.zip
llvm-a3b9fe6acdf60b91b460358858daf57bdb88bdbd.tar.gz
llvm-a3b9fe6acdf60b91b460358858daf57bdb88bdbd.tar.bz2
1 files changed, 8 insertions, 0 deletions
diff --git a/llvm/lib/Object/WasmObjectFile.cpp b/llvm/lib/Object/WasmObjectFile.cpp
index 91fc613..8a2fb38 100644
--- a/llvm/lib/Object/WasmObjectFile.cpp
+++ b/llvm/lib/Object/WasmObjectFile.cpp
@@ -472,6 +472,7 @@ Error WasmObjectFile::parseImportSection(const uint8_t *Ptr, const uint8_t *End)
     Im.Kind = readUint8(Ptr);
     switch (Im.Kind) {
     case wasm::WASM_EXTERNAL_FUNCTION:
+      NumImportedFunctions++;
       Im.SigIndex = readVaruint32(Ptr);
       SymbolMap.try_emplace(Im.Field, Symbols.size());
       Symbols.emplace_back(Im.Field, WasmSymbol::SymbolType::FUNCTION_IMPORT,
@@ -480,6 +481,7 @@ Error WasmObjectFile::parseImportSection(const uint8_t *Ptr, const uint8_t *End)
                    << " sym index:" << Symbols.size() << "\n");
       break;
     case wasm::WASM_EXTERNAL_GLOBAL:
+      NumImportedGlobals++;
       Im.Global.Type = readVarint7(Ptr);
       Im.Global.Mutable = readVaruint1(Ptr);
       SymbolMap.try_emplace(Im.Field, Symbols.size());
@@ -580,10 +582,16 @@ Error WasmObjectFile::parseExportSection(const uint8_t *Ptr, const uint8_t *End)
     switch (Ex.Kind) {
     case wasm::WASM_EXTERNAL_FUNCTION:
       ExportType = WasmSymbol::SymbolType::FUNCTION_EXPORT;
+      if (Ex.Index >= FunctionTypes.size() + NumImportedFunctions)
+        return make_error<GenericBinaryError>("Invalid function export",
+                                              object_error::parse_failed);
       MakeSymbol = true;
       break;
     case wasm::WASM_EXTERNAL_GLOBAL:
       ExportType = WasmSymbol::SymbolType::GLOBAL_EXPORT;
+      if (Ex.Index >= Globals.size() + NumImportedGlobals)
+        return make_error<GenericBinaryError>("Invalid global export",
+                                              object_error::parse_failed);
       MakeSymbol = true;
       break;
     case wasm::WASM_EXTERNAL_MEMORY:
author	Sam Clegg <sbc@chromium.org>	2017-08-31 21:43:45 +0000
committer	Sam Clegg <sbc@chromium.org>	2017-08-31 21:43:45 +0000
commit	a3b9fe6acdf60b91b460358858daf57bdb88bdbd (patch)
tree	35418c04a71ff8f058c3aa479cca1966b9d036b9 /llvm/lib/Object/WasmObjectFile.cpp
parent	67419e39475f20e6b3164206f3233a0b1db896bf (diff)
download	llvm-a3b9fe6acdf60b91b460358858daf57bdb88bdbd.zip llvm-a3b9fe6acdf60b91b460358858daf57bdb88bdbd.tar.gz llvm-a3b9fe6acdf60b91b460358858daf57bdb88bdbd.tar.bz2