Skip to content

Fuzz test a 32-bit build #10

New issue
New issue
Open
Open
Fuzz test a 32-bit build#10
Labels
wasmparserRelated to the binary format of WebAssembly (wasmparser)
@stoklund

Description

@stoklund
stoklund
opened on Aug 31, 2017

In the read_function_body() function, the code reading the local variable declarations looks like this:

        for _ in 0..local_count {
            let (count, ty) = self.reader.read_local_decl()?;
            locals_total += count as usize;
            if locals_total > MAX_WASM_FUNCTION_LOCALS {
                return Err(BinaryReaderError {
                               message: "local_count is out of bounds",
                               offset: self.reader.position - 1,
                           });
            }
            locals.push((count, ty));
        }

In a 32-bit build, the addition in locals_total += count as usize could overflow which causes a panic only in debug builds. In release builds it silently wraps.

A fuzz tester running on a 32-bit build would probably catch that.

Metadata

Metadata

Assignees

No one assigned

    Labels

    wasmparserRelated to the binary format of WebAssembly (wasmparser)

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions