
Conversation


@yamt yamt commented Oct 29, 2021

Detected by UBSan

```
/root/src/wasm-micro-runtime/core/iwasm/aot/arch/aot_reloc_x86_64.c:232:43: runtime error: addition of unsigned offset to 0x000041209004 overflowed to 0x000041209000
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /root/src/wasm-micro-runtime/core/iwasm/aot/arch/aot_reloc_x86_64.c:232:43 in
```

((uint8 *)symbol_addr + reloc_addend
- (target_section_addr + reloc_offset));
((uintptr_t)symbol_addr + reloc_addend
- (uintptr_t)(target_section_addr + reloc_offset));
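Review bot: the fix only moves the first operand out of pointer arithmetic; in `(uintptr_t)(target_section_addr + reloc_offset)` the pointer `target_section_addr + reloc_offset` is still formed before the cast, so if that sum can fall outside the target section the same undefined behaviour remains. Cast before adding, `(uintptr_t)target_section_addr + reloc_offset`, so the whole expression is unsigned integer arithmetic, and apply the same pattern wherever this computation is repeated in the file.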
Contributor

Shall we also fix other places, e.g. L168-L170?


@wenyongh wenyongh Oct 31, 2021


And it is not clear which expression causes the integer overflow: target_section_addr + reloc_offset, plt + reloc_addend, or (plt + reloc_addend - (target_section_addr + reloc_offset))? Here the type of plt and target_section_addr is uint8 *, and the range is 0 ~ 2^64-1 on x86-64, so I am a little confused why there is an integer overflow. Could you please give an example, as there might be some other places to be fixed?

Collaborator Author

  • IIRC, pointer overflows like these are undefined behavior in C; unsigned integer overflows are OK.
  • I haven't checked other places. I just fixed a few places which actually got complaints from UBSan during my tests.

Contributor

OK, so the code inserted by the compiler detected the pointer overflow and reported an error. From the output log `runtime error: addition of unsigned offset to 0x000041209004 overflowed to 0x00004120900 ... aot_reloc_x86_64.c:232:43`, the overflow should occur at `(uint8 *)symbol_addr + reloc_addend`. We will merge this PR first and check whether there are other places to fix. Thanks a lot!
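
A worked example, added here and not part of this PR or of WAMR's own code, of the point discussed above: the relocation value S + A - P evaluated entirely in uintptr_t, where wraparound is defined, instead of through the intermediate pointer (uint8 *)symbol_addr + reloc_addend, which is undefined as soon as it leaves the object and is what UBSan reported. Parameter names follow the patch; the operand types (int64_t addend, uint64_t offset), the section buffer and the addresses in main are assumptions or constructed values, and the rel32 range check is mine, not the project's.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint8_t uint8;          /* WAMR spells this type as "uint8" */

_Static_assert(sizeof(uintptr_t) == sizeof(int64_t),
               "example assumes 64-bit addresses, as on x86-64");

/*
 * S + A - P, evaluated entirely in uintptr_t.
 * Unsigned arithmetic wraps modulo 2^64, which C defines, so every
 * intermediate value is fine. Forming the pointer
 * (uint8 *)symbol_addr + reloc_addend instead is undefined behaviour as
 * soon as the result leaves the object symbol_addr points into.
 * reloc_addend is taken as int64_t here (assumption); converting a
 * negative value to uintptr_t is well defined (mod 2^64).
 */
static uintptr_t
pcrel_delta_u(uintptr_t symbol_addr, int64_t reloc_addend,
              uintptr_t target_section_addr, uint64_t reloc_offset)
{
    /* Every operand is an integer before any addition happens. */
    uintptr_t s = symbol_addr;
    uintptr_t p = target_section_addr + (uintptr_t)reloc_offset;
    return s + (uintptr_t)reloc_addend - p;
}

/* Pointer-taking wrapper with the parameter names used in the patch. */
static uintptr_t
pcrel_delta(const void *symbol_addr, int64_t reloc_addend,
            const void *target_section_addr, uint64_t reloc_offset)
{
    return pcrel_delta_u((uintptr_t)symbol_addr, reloc_addend,
                         (uintptr_t)target_section_addr, reloc_offset);
}

/* Reinterpret the wrapped difference as a signed displacement without
   relying on implementation-defined unsigned-to-signed conversion. */
static int64_t
delta_as_signed(uintptr_t delta)
{
    int64_t disp;
    memcpy(&disp, &delta, sizeof disp);
    return disp;
}

/* An x86-64 32-bit PC-relative field can only encode [-2^31, 2^31 - 1]. */
static bool
fits_in_rel32(int64_t disp)
{
    return disp >= INT32_MIN && disp <= INT32_MAX;
}

int
main(void)
{
    /* Constructed stand-in for a code section; nothing in it is executed. */
    static uint8 section[64];

    /* Symbol 8 bytes into the section, addend -4 (the usual rip-relative
       correction), relocation 20 bytes in: S + A - P = 8 - 4 - 20 = -16. */
    int64_t d1 = delta_as_signed(pcrel_delta(&section[8], -4, section, 20));

    /* The symbol address from the UBSan report, with a constructed target. */
    int64_t d2 = delta_as_signed(
        pcrel_delta_u(0x41209004u, -4, 0x41209000u, 0x10));

    /* Symbol 4 GiB below the target: the delta is well defined but
       cannot be encoded in a 32-bit field. */
    int64_t d3 = delta_as_signed(pcrel_delta_u(0x0u, 0, 0x100000000ull, 0));

    printf("d1=%lld fits=%d\n", (long long)d1, fits_in_rel32(d1));
    printf("d2=%lld fits=%d\n", (long long)d2, fits_in_rel32(d2));
    printf("d3=%lld fits=%d\n", (long long)d3, fits_in_rel32(d3));
    return 0;
}
```

The wrapper keeps the pointer-typed signature the file uses, but the only conversion it performs is pointer to integer; once the values are uintptr_t the sign of the result is recovered by reinterpreting the bits, and a range check decides whether the displacement can be encoded.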

@wenyongh wenyongh merged commit 2613a68 into bytecodealliance:main Nov 8, 2021
wenyongh referenced this pull request in wenyongh/wasm-micro-runtime Nov 8, 2021
aot_reloc_x86_64: Fix pointer overflows (#809)
vickiegpt pushed a commit to vickiegpt/wamr-aot-gc-checkpoint-restore that referenced this pull request May 27, 2024
Fix pointer overflow of `(uint8 *)symbol_addr + reloc_addend` detected by UBSan:
```
core/iwasm/aot/arch/aot_reloc_x86_64.c:232:43: runtime error: addition of unsigned offset to 0x000041209004 overflowed to 0x000041209000
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior core/iwasm/aot/arch/aot_reloc_x86_64.c:232:43
```