From a064f685322facf28ea2a1ef55f697dad4d4e0b3 Mon Sep 17 00:00:00 2001
From: Takeshi Yoneda
Date: Wed, 27 Jul 2022 09:56:48 +0900
Subject: [PATCH] compiler: allow memory access after table.grow (#721)

Signed-off-by: Takeshi Yoneda
---
 internal/engine/compiler/impl_amd64.go | 2 +-
 internal/engine/compiler/impl_arm64.go | 1 +
 .../fuzzcases/fuzzcases_test.go | 13 +++++++++++++
 .../fuzzcases/testdata/720.wasm | Bin 0 -> 118 bytes
 .../fuzzcases/testdata/720.wat | 17 +++++++++++++++++
 5 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 internal/integration_test/fuzzcases/testdata/720.wasm
 create mode 100644 internal/integration_test/fuzzcases/testdata/720.wat

diff --git a/internal/engine/compiler/impl_amd64.go b/internal/engine/compiler/impl_amd64.go
index 732505a3..f7180616 100644
--- a/internal/engine/compiler/impl_amd64.go
+++ b/internal/engine/compiler/impl_amd64.go
@@ -3417,7 +3417,6 @@ func (c *amd64Compiler) compileMemoryGrow() error {
 	// After the function call, we have to initialize the stack base pointer and memory reserved registers.
 	c.compileReservedStackBasePointerInitialization()
 	c.compileReservedMemoryPointerInitialization()
-
 	return nil
 }
@@ -4130,6 +4129,7 @@ func (c *amd64Compiler) compileTableGrow(o *wazeroir.OperationTableGrow) error {
 	// After return, we re-initialize reserved registers just like preamble of functions.
 	c.compileReservedStackBasePointerInitialization()
+	c.compileReservedMemoryPointerInitialization()
 	return nil
 }
diff --git a/internal/engine/compiler/impl_arm64.go b/internal/engine/compiler/impl_arm64.go
index 18ad80bb..5c520cc5 100644
--- a/internal/engine/compiler/impl_arm64.go
+++ b/internal/engine/compiler/impl_arm64.go
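Review bot: The added `c.compileReservedMemoryPointerInitialization()` in compileTableGrow hand-copies the two-line reload sequence that compileMemoryGrow (first hunk) already spells out, and the arm64 compileTableGrow hunk in impl_arm64.go does the same with its own pair; with the pair duplicated per call-out site, the next site that returns from a Go call can again reload only the stack base pointer, which is exactly the stale-memory-base defect this fuzz case exposed. Consider folding both calls into a single helper (a new name such as `c.compileReservedRegistersInitialization()`) that every return-from-Go path invokes, so the invariant is stated once. The comment above the call could also say why the reload matters, e.g. `// The call into Go does not preserve the reserved stack-base and memory-base registers, so both must be reloaded before any later memory access.` — I am inferring the reason from the commit title and the fuzz case, so confirm it against the call-out convention. compileTableGrow begins outside the hunk.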
@@ -3870,6 +3870,7 @@ func (c *arm64Compiler) compileTableGrow(o *wazeroir.OperationTableGrow) error {
 	// After return, we re-initialize reserved registers just like preamble of functions.
 	c.compileReservedStackBasePointerRegisterInitialization()
+	c.compileReservedMemoryRegisterInitialization()
 	return nil
 }
diff --git a/internal/integration_test/fuzzcases/fuzzcases_test.go b/internal/integration_test/fuzzcases/fuzzcases_test.go
index ce784f4d..9377abae 100644
--- a/internal/integration_test/fuzzcases/fuzzcases_test.go
+++ b/internal/integration_test/fuzzcases/fuzzcases_test.go
@@ -209,6 +209,19 @@ func Test719(t *testing.T) {
 	})
 }
 
+func Test720(t *testing.T) {
+	run(t, func(t *testing.T, r wazero.Runtime) {
+		mod, err := r.InstantiateModuleFromBinary(ctx, getWasmBinary(t, 720))
+		require.NoError(t, err)
+
+		f := mod.ExportedFunction("access memory after table.grow")
+		require.NotNil(t, f)
+		res, err := f.Call(ctx)
+		require.NoError(t, err)
+		require.Equal(t, uint32(0xffffffff), uint32(res[0]))
+	})
+}
+
 func Test721(t *testing.T) {
 	run(t, func(t *testing.T, r wazero.Runtime) {
 		mod, err := r.InstantiateModuleFromBinary(ctx, getWasmBinary(t, 721))
diff --git a/internal/integration_test/fuzzcases/testdata/720.wasm b/internal/integration_test/fuzzcases/testdata/720.wasm
new file mode 100644
index 0000000000000000000000000000000000000000..db8157c863e80fcaee4418c35842e08b73c9cd97
GIT binary patch
literal 118
zcmZQbEY4+QU|?WmWlUgTtY>CoWME-q%x7fmU}9xqWaQ#vS7MY)OioTME>_4*&CM^W
zR7gxKNi9++NleN~)k`nRFK1xj5@6(GxRCG2^@pE9gW=Cq32ts#Mg~U^L-ap3002Vo
BD#ri-

literal 0
HcmV?d00001

diff --git a/internal/integration_test/fuzzcases/testdata/720.wat b/internal/integration_test/fuzzcases/testdata/720.wat
new file mode 100644
index 00000000..00796938
--- /dev/null
+++ b/internal/integration_test/fuzzcases/testdata/720.wat
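Review bot: Test720 carries no comment saying what it regresses, so a reader of the test file alone cannot tell that the expected 0xffffffff depends on the memory base register being reloaded after table.grow rather than on anything about the table itself. Suggest `// Test720 ensures linear memory is still accessible after table.grow; see testdata/720.wat.` above the function. Indexing `res[0]` without a length check is acceptable here because the exported function declares a single i32 result, but `require.Len(t, res, 1)` before the comparison would turn a wrong-arity failure into a readable message instead of an index panic. The arm64 compileTableGrow hunk above shares the reviewer point already raised on the amd64 hunk; Test721's body continues outside the hunk.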
@@ -0,0 +1,17 @@
+(module
+  (func (export "access memory after table.grow") (result i32)
+    ref.null extern
+    i32.const 10
+    table.grow 0
+    ;; This should work without any problem,
+    ;; and should return non-trivial i32 result.
+    i32.load offset=396028 align=1
+  )
+
+  ;; Table and memory are as-is produced by fuzzer.
+  (table 1 264 externref)
+  (memory 10 10)
+
+  ;; Setup the non trivial content on the i32.load
+  (data (i32.const 396028) "\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff")
+)