Memory Corruption Risk: Invalid READ in uvwasi_serdes_readv_ciovec_t during WASI Execution #858

@JulianWu520

Description

Hi,

Running fizzy-wasi with poc2.wasm results in a segmentation fault due to an invalid memory READ in the uvwasi_serdes_readv_ciovec_t function, indicating a potential memory corruption issue.

build

mkdir build && cd build
cmake -DFIZZY_WASI=ON -DCMAKE_CXX_FLAGS="-fsanitize=address -g" -DCMAKE_C_FLAGS="-fsanitize=address -g" -DCMAKE_LINKER_FLAGS="-fsanitize=address" ..
cmake --build .

POC:

julianwu@RLab:~/Work/WebAssembly/fizzy/build/bin/crashes_output$ ../../../../fizzy-test/fizzy/build/bin/fizzy-wasi poc2.wasm
AddressSanitizer:DEADLYSIGNAL
=================================================================
==930395==ERROR: AddressSanitizer: SEGV on unknown address 0x631100014802 (pc 0x5643986a8428 bp 0x0fffa4a0afee sp 0x7ffd25057f10 T0)
==930395==The signal is caused by a READ memory access.
    #0 0x5643986a8428 in uvwasi_serdes_readv_ciovec_t (/home/julianwu/Work/WebAssembly/fizzy-test/fizzy/build/bin/fizzy-wasi+0xbf428)
    #1 0x564398604984 in fd_write /home/julianwu/Work/WebAssembly/fizzy-test/fizzy/tools/wasi/wasi.cpp:49
    #2 0x5643986267f4 in execute<false> /home/julianwu/Work/WebAssembly/fizzy-test/fizzy/lib/fizzy/execute.cpp:570
    #3 0x56439862aa59 in invoke_function<false> /home/julianwu/Work/WebAssembly/fizzy-test/fizzy/lib/fizzy/execute.cpp:540
    #4 0x56439862aa59 in execute<false> /home/julianwu/Work/WebAssembly/fizzy-test/fizzy/lib/fizzy/execute.cpp:665
    #5 0x564398636954 in fizzy::execute(fizzy::Instance&, unsigned int, fizzy::Value const*) /home/julianwu/Work/WebAssembly/fizzy-test/fizzy/lib/fizzy/execute.cpp:1626
    #6 0x564398605732 in fizzy::wasi::run(fizzy::wasi::UVWASI&, fizzy::Instance&, int, char const**, std::ostream&) /home/julianwu/Work/WebAssembly/fizzy-test/fizzy/tools/wasi/wasi.cpp:215
    #7 0x56439860bf56 in fizzy::wasi::run(std::basic_string_view<unsigned char, std::char_traits<unsigned char> >, int, char const**, std::ostream&) /home/julianwu/Work/WebAssembly/fizzy-test/fizzy/tools/wasi/wasi.cpp:232
    #8 0x56439860f142 in fizzy::wasi::load_and_run(int, char const**, std::ostream&) /home/julianwu/Work/WebAssembly/fizzy-test/fizzy/tools/wasi/wasi.cpp:241
    #9 0x564398602bd5 in main /home/julianwu/Work/WebAssembly/fizzy-test/fizzy/tools/wasi/main.cpp:19
    #10 0x7f432b285d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #11 0x7f432b285e3f in __libc_start_main_impl ../csu/libc-start.c:392
    #12 0x564398602e34 in _start (/home/julianwu/Work/WebAssembly/fizzy-test/fizzy/build/bin/fizzy-wasi+0x19e34)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/home/julianwu/Work/WebAssembly/fizzy-test/fizzy/build/bin/fizzy-wasi+0xbf428) in uvwasi_serdes_readv_ciovec_t
==930395==ABORTING

poc2.zip
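The crash above is an out-of-bounds read while the guest-supplied ciovec array is deserialized from linear memory. As an added example (not fizzy's or uvwasi's code; names are hypothetical and errno values follow WASI preview1), this is the host-side validation an fd_write front end should run before any deserializer touches guest pointers: the array and every buffer it describes must lie inside the linear memory, with the size arithmetic done in 64 bits so it cannot wrap.

```cpp
// Added example (not fizzy's or uvwasi's code; names are hypothetical): the checks a
// host fd_write should run on a guest-supplied ciovec array before deserializing it.
#include <cstddef>
#include <cstdint>
#include <vector>
struct Ciovec { uint32_t buf; uint32_t buf_len; };   // wasm32 layout: two u32s, 8 bytes
constexpr uint32_t kCiovecSize = 8;
constexpr uint32_t kErrnoSuccess = 0;
constexpr uint32_t kErrnoFault = 21;                  // WASI preview1 EFAULT
// Decode/encode u32 in guest byte order (little-endian) independent of host endianness.
uint32_t read_u32le(const uint8_t* p) {
    return uint32_t(p[0]) | (uint32_t(p[1]) << 8) | (uint32_t(p[2]) << 16) | (uint32_t(p[3]) << 24);
}
void write_u32le(uint8_t* p, uint32_t v) {
    for (int i = 0; i < 4; ++i) p[i] = static_cast<uint8_t>(v >> (8 * i));
}
// True iff [off, off+len) lies inside memory of size mem_size; 64-bit math so no wraparound.
bool range_in_memory(uint32_t off, uint64_t len, size_t mem_size) {
    return static_cast<uint64_t>(off) + len <= mem_size;
}
// Reads iovs_len ciovec entries at iovs_ptr from guest memory. Returns a WASI errno;
// on success `out` holds the entries and every buffer they reference is in bounds.
uint32_t read_ciovecs(const std::vector<uint8_t>& memory, uint32_t iovs_ptr,
                      uint32_t iovs_len, std::vector<Ciovec>& out) {
    // 1. The array itself must fit: iovs_len * 8 is computed in 64 bits, not u32.
    if (!range_in_memory(iovs_ptr, uint64_t(iovs_len) * kCiovecSize, memory.size()))
        return kErrnoFault;
    out.clear();
    for (uint32_t i = 0; i < iovs_len; ++i) {
        const uint8_t* entry = memory.data() + iovs_ptr + size_t(i) * kCiovecSize;
        Ciovec v{read_u32le(entry), read_u32le(entry + 4)};
        // 2. Each buffer the entry points at must also lie inside linear memory.
        if (!range_in_memory(v.buf, v.buf_len, memory.size()))
            return kErrnoFault;
        out.push_back(v);
    }
    return kErrnoSuccess;
}
// Constructed 64 KiB guest memory (one wasm page): a valid entry at offset 16 and,
// optionally, a second entry at offset 24 whose buffer runs past the end of memory.
std::vector<uint8_t> make_memory(bool add_bad_entry) {
    std::vector<uint8_t> mem(65536, 0);
    write_u32le(&mem[16], 1024); write_u32le(&mem[20], 5);            // buf=1024, len=5
    if (add_bad_entry) { write_u32le(&mem[24], 65530); write_u32le(&mem[28], 16); }
    return mem;
}
```

With these checks a malformed iovs pointer, a bad buffer, or an iovs_len whose byte size overflows 32 bits is rejected with EFAULT before any host read occurs.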
