
Commit 44ccfd2

authored
Fix issue of condition settings of app boundary check (#249)
1 parent e8e45ae commit 44ccfd2


2 files changed

+21
-25
lines changed


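--- a/core/iwasm/aot/aot_runtime.c
+++ b/core/iwasm/aot/aot_runtime.c
@@ -635,11 +635,10 @@ aot_validate_app_addr(AOTModuleInstance *module_inst,
         goto fail;
     }
 
-    if (app_offset <= module_inst->heap_base_offset
-        || app_offset + (int32)size > (int32)module_inst->memory_data_size) {
-        goto fail;
+    if (module_inst->heap_base_offset <= app_offset
+        && app_offset + (int32)size <= (int32)module_inst->memory_data_size) {
+        return true;
     }
-    return true;
 fail:
     aot_set_exception(module_inst, "out of bounds memory access");
     return false;
@@ -657,12 +656,11 @@ aot_validate_native_addr(AOTModuleInstance *module_inst,
         goto fail;
     }
 
-    if (addr <= (uint8*)module_inst->heap_data.ptr
-        || addr + size > (uint8*)module_inst->memory_data.ptr
-                         + memory_data_size) {
-        goto fail;
+    if ((uint8*)module_inst->heap_data.ptr <= addr
+        && addr + size <= (uint8*)module_inst->memory_data.ptr
+                          + memory_data_size) {
+        return true;
     }
-    return true;
 fail:
     aot_set_exception(module_inst, "out of bounds memory access");
     return false;
@@ -674,7 +672,7 @@ aot_addr_app_to_native(AOTModuleInstance *module_inst, int32 app_offset)
     int32 memory_data_size = (int32)module_inst->memory_data_size;
     uint8 *addr = (uint8 *)module_inst->memory_data.ptr + app_offset;
 
-    if ((uint8*)module_inst->heap_data.ptr < addr
+    if ((uint8*)module_inst->heap_data.ptr <= addr
         && addr < (uint8*)module_inst->memory_data.ptr
                   + memory_data_size)
         return addr;
@@ -687,7 +685,7 @@ aot_addr_native_to_app(AOTModuleInstance *module_inst, void *native_ptr)
     uint8 *addr = (uint8*)native_ptr;
     int32 memory_data_size = (int32)module_inst->memory_data_size;
 
-    if ((uint8*)module_inst->heap_data.ptr < addr
+    if ((uint8*)module_inst->heap_data.ptr <= addr
         && addr < (uint8*)module_inst->memory_data.ptr
                   + memory_data_size)
         return (int32)(addr - (uint8*)module_inst->memory_data.ptr);
@@ -702,7 +700,7 @@ aot_get_app_addr_range(AOTModuleInstance *module_inst,
 {
     int32 memory_data_size = (int32)module_inst->memory_data_size;
 
-    if (module_inst->heap_base_offset < app_offset
+    if (module_inst->heap_base_offset <= app_offset
         && app_offset < memory_data_size) {
         if (p_app_start_offset)
             *p_app_start_offset = module_inst->heap_base_offset;
@@ -722,7 +720,7 @@ aot_get_native_addr_range(AOTModuleInstance *module_inst,
     uint8 *addr = (uint8*)native_ptr;
     int32 memory_data_size = (int32)module_inst->memory_data_size;
 
-    if ((uint8*)module_inst->heap_data.ptr < addr
+    if ((uint8*)module_inst->heap_data.ptr <= addr
         && addr < (uint8*)module_inst->memory_data.ptr
                   + memory_data_size) {
         if (p_native_start_addr)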
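Review bot: The rewritten condition in aot_validate_app_addr still evaluates `app_offset + (int32)size` in signed 32-bit arithmetic, so a size of 2^31 or more becomes negative after the cast and a large offset plus size can overflow (undefined behaviour for signed int); in both cases the sum compares below memory_data_size and a range that runs past the end of linear memory is reported as valid. The same expression appears in wasm_validate_app_addr in wasm_runtime.c. Unless the check above the hunk, which is outside the visible lines, already bounds size, compare the remaining room rather than the sum: `&& (uint32)app_offset <= module_inst->memory_data_size` followed by `&& size <= module_inst->memory_data_size - (uint32)app_offset`, assuming size and memory_data_size are the unsigned types the existing casts suggest. The body of aot_validate_app_addr begins before the hunk.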

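--- a/core/iwasm/interpreter/wasm_runtime.c
+++ b/core/iwasm/interpreter/wasm_runtime.c
@@ -952,11 +952,10 @@ wasm_validate_app_addr(WASMModuleInstance *module_inst,
         goto fail;
     }
 
-    if (app_offset <= memory->heap_base_offset
-        || app_offset + (int32)size > memory_data_size) {
-        goto fail;
+    if (memory->heap_base_offset <= app_offset
+        && app_offset + (int32)size <= memory_data_size) {
+        return true;
     }
-    return true;
 fail:
     wasm_set_exception(module_inst, "out of bounds memory access");
     return false;
@@ -975,11 +974,10 @@ wasm_validate_native_addr(WASMModuleInstance *module_inst,
         goto fail;
     }
 
-    if (addr <= memory->heap_data
-        || addr + size > memory->memory_data + memory_data_size) {
-        goto fail;
+    if (memory->heap_data <= addr
+        && addr + size <= memory->memory_data + memory_data_size) {
+        return true;
     }
-    return true;
 fail:
     wasm_set_exception(module_inst, "out of bounds memory access");
     return false;
@@ -994,7 +992,7 @@ wasm_addr_app_to_native(WASMModuleInstance *module_inst,
     int32 memory_data_size =
         (int32)(memory->num_bytes_per_page * memory->cur_page_count);
 
-    if (memory->heap_data < addr
+    if (memory->heap_data <= addr
         && addr < memory->memory_data + memory_data_size)
         return addr;
     return NULL;
@@ -1009,7 +1007,7 @@ wasm_addr_native_to_app(WASMModuleInstance *module_inst,
     int32 memory_data_size =
         (int32)(memory->num_bytes_per_page * memory->cur_page_count);
 
-    if (memory->heap_data < addr
+    if (memory->heap_data <= addr
         && addr < memory->memory_data + memory_data_size)
         return (int32)(addr - memory->memory_data);
     return 0;
@@ -1025,7 +1023,7 @@ wasm_get_app_addr_range(WASMModuleInstance *module_inst,
     int32 memory_data_size =
         (int32)(memory->num_bytes_per_page * memory->cur_page_count);
 
-    if (memory->heap_base_offset < app_offset
+    if (memory->heap_base_offset <= app_offset
         && app_offset < memory_data_size) {
         if (p_app_start_offset)
             *p_app_start_offset = memory->heap_base_offset;
@@ -1047,7 +1045,7 @@ wasm_get_native_addr_range(WASMModuleInstance *module_inst,
     int32 memory_data_size =
         (int32)(memory->num_bytes_per_page * memory->cur_page_count);
 
-    if (memory->heap_data < addr
+    if (memory->heap_data <= addr
         && addr < memory->memory_data + memory_data_size) {
         if (p_native_start_addr)
             *p_native_start_addr = memory->heap_data;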
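Review bot: In wasm_validate_native_addr the upper bound is still decided by `addr + size <= memory->memory_data + memory_data_size`; with a large size the pointer addition can wrap (forming a pointer beyond the memory object is undefined behaviour), and a wrapped result compares as in range, so a native range extending past the end of linear memory is accepted. aot_validate_native_addr in aot_runtime.c has the same shape. Check the distance to the end instead of the sum, keeping the existing lower-bound test in front so the subtraction cannot go negative: `&& addr <= memory->memory_data + memory_data_size` and `&& size <= (size_t)(memory->memory_data + memory_data_size - addr)`; whether size needs the cast depends on its declared type, which is outside the visible lines. The function's opening and the check preceding the hunk are not shown.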
