From 2d0ed54931bfb168c858de36743f207ddf03b533 Mon Sep 17 00:00:00 2001
From: Takeshi Yoneda
Date: Fri, 15 Jul 2022 10:56:38 +0900
Subject: [PATCH] interpreter: signed-extend to 32-bit in SignExtend32 (#701)
Signed-off-by: Takeshi Yoneda
---
 internal/engine/interpreter/interpreter.go | 4 +--
 .../fuzzcases/fuzzcases_test.go | 30 ++++++++++++++++++
 .../fuzzcases/testdata/701.wasm | Bin 0 -> 89 bytes
 .../fuzzcases/testdata/701.wat | 19 +++++++++++
 4 files changed, 51 insertions(+), 2 deletions(-)
 create mode 100644 internal/integration_test/fuzzcases/testdata/701.wasm
 create mode 100644 internal/integration_test/fuzzcases/testdata/701.wat
diff --git a/internal/engine/interpreter/interpreter.go b/internal/engine/interpreter/interpreter.go
index 80b45978..75cbdbcc 100644
--- a/internal/engine/interpreter/interpreter.go
+++ b/internal/engine/interpreter/interpreter.go
@@ -1785,11 +1785,11 @@ func (ce *callEngine) callNativeFunc(ctx context.Context, callCtx *wasm.CallCont
 }
 frame.pc++
 case wazeroir.OperationKindSignExtend32From8:
- v := int32(int8(ce.popValue()))
+ v := uint32(int8(ce.popValue()))
 ce.pushValue(uint64(v))
 frame.pc++
 case wazeroir.OperationKindSignExtend32From16:
- v := int32(int16(ce.popValue()))
+ v := uint32(int16(ce.popValue()))
 ce.pushValue(uint64(v))
 frame.pc++
 case wazeroir.OperationKindSignExtend64From8:
diff --git a/internal/integration_test/fuzzcases/fuzzcases_test.go b/internal/integration_test/fuzzcases/fuzzcases_test.go
index 456b5af7..1eb28c35 100644
--- a/internal/integration_test/fuzzcases/fuzzcases_test.go
+++ b/internal/integration_test/fuzzcases/fuzzcases_test.go
@@ -19,6 +19,8 @@ var (
 case696 []byte
 //go:embed testdata/699.wasm
 case699 []byte
+ //go:embed testdata/701.wasm
+ case701 []byte
 )
 
 func newRuntimeCompiler() wazero.Runtime {
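Review bot: The changed lines `v := uint32(int8(ce.popValue()))` and `v := uint32(int16(ce.popValue()))` carry no comment saying why the result type must be uint32, so a later reader may "tidy" them back to int32 and re-introduce the sign-extension into the upper 32 bits that `uint64(v)` performs before `ce.pushValue`. A one-line comment above each would pin the intent: `// uint32, not int32: widening int32 to uint64 sign-extends into the upper half, but i32.extendN_s must leave a 32-bit value on the stack.` The accompanying 701.wat case indicates those stale upper bits fed a later memory-address computation, so the compiler and interpreter disagreed on whether a load trapped; naming that observable effect in the comment would help the next person who touches these cases. callNativeFunc begins and ends outside this hunk, and the SignExtend64 cases that follow are only partly visible here.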
@@ -112,3 +114,31 @@ func Test699(t *testing.T) {
 })
 }
 }
+
+// Test701 requires two functions to exit with "out of bounds memory access" consistently across the implementations.
+func Test701(t *testing.T) {
+ if !platform.CompilerSupported() {
+ return
+ }
+
+ for _, tc := range []struct {
+ name string
+ r wazero.Runtime
+ }{
+ {name: "compiler", r: newRuntimeCompiler()},
+ {name: "interpreter", r: newRuntimeInterpreter()},
+ } {
+ tc := tc
+ t.Run(tc.name, func(t *testing.T) {
+ defer tc.r.Close(ctx)
+ module, err := tc.r.InstantiateModuleFromBinary(ctx, case701)
+ require.NoError(t, err)
+
+ _, err = module.ExportedFunction("i32.extend16_s").Call(ctx)
+ require.Contains(t, err.Error(), "out of bounds memory access")
+
+ _, err = module.ExportedFunction("i32.extend8_s").Call(ctx)
+ require.Contains(t, err.Error(), "out of bounds memory access")
+ })
+ }
+}
diff --git a/internal/integration_test/fuzzcases/testdata/701.wasm b/internal/integration_test/fuzzcases/testdata/701.wasm
new file mode 100644
index 0000000000000000000000000000000000000000..1cd75a82f0f9ed7857bf222593877f62302f5399
GIT binary patch
literal 89
zcmZQbEY4+QU|?WmVN76PU}k1wU|?lo1Oj#?CcaE#BfZp$lGMBuL$ml|1_oY)fCZ4x
c$R)+Z!{GS;Kl8!AEDVec+}uD8;{ga80JMb?s{jB1
literal 0
HcmV?d00001
diff --git a/internal/integration_test/fuzzcases/testdata/701.wat b/internal/integration_test/fuzzcases/testdata/701.wat
new file mode 100644
index 00000000..07dedbd8
--- /dev/null
+++ b/internal/integration_test/fuzzcases/testdata/701.wat
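Review bot: `require.Contains(t, err.Error(), "out of bounds memory access")` dereferences err before anything asserts it is non-nil, so if either Call unexpectedly succeeds the subtest dies with a nil-pointer panic instead of a readable assertion failure; add `require.Error(t, err)` before each Contains (or a single ErrorContains-style assertion if the testify version in use provides one). The early `return` when `!platform.CompilerSupported()` makes Test701 report as passed on platforms where it never ran; `t.Skip("compiler not supported on this platform")` would make the skip visible in the test output. `defer tc.r.Close(ctx)` also discards the Close error, which is acceptable for cleanup but worth marking explicitly if the repository lints unchecked errors.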
@@ -0,0 +1,19 @@
+(module
+ (func (export "i32.extend16_s")
+ i32.const 0xffff
+ ;; if this extends to 64 bit, the bit pattern of the value has all bits set
+ i32.extend16_s
+ ;; then plus one to it results in zero offset.
+ v128.load16x4_u offset=1 align=1
+ unreachable
+ )
+ (func (export "i32.extend8_s")
+ i32.const 0xff
+ ;; if this extends to 64 bit, the bit pattern of the value has all bits set
+ i32.extend8_s
+ ;; then plus one to it results in zero offset.
+ v128.load16x4_u offset=1 align=1
+ unreachable
+ )
+ (memory 1 1)
+)
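Review bot: The fixture comments describe only the buggy 64-bit extension (`;; then plus one to it results in zero offset.`) and never state what a correct engine must do, so the trap that Test701 asserts has to be reverse-engineered from the module. A comment after each `v128.load16x4_u offset=1 align=1` such as `;; correct 32-bit result is 0xffffffff; address 0xffffffff+1 exceeds the single 64KiB page and must trap` would make the fixture self-explanatory. "results in zero offset" is also better phrased as "wraps the effective address to zero", since the offset immediate itself stays 1. The same applies to both functions in the module.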