feat(runtime-c-api) Avoid undefined behavior with user-given version.

When the version has type `Version`, we expect the user to give a valid `Version` variant. Since the `Version` is basically a `uint8_t`, the user is able to pass everything she wants, which can create an undefined behavior on the Rust side. To avoid such situation, the version has now type `c_uchar` (`unsigned char` or `uint8_t` on C side —on most platforms). Then the `From` trait is implemented on `Version`. In case the value is unbound, `Version::Unknown` is returned.
wasmerio · Dec 4, 2019 · 0f642a1 · 0f642a1
1 parent acb669d
commit 0f642a1
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 5 deletions.
diff --git a/lib/runtime-c-api/src/import/mod.rs b/lib/runtime-c-api/src/import/mod.rs
@@ -8,7 +8,7 @@ use crate::{
     value::wasmer_value_tag,
     wasmer_byte_array, wasmer_result_t,
 };
-use libc::c_uint;
+use libc::{c_uchar, c_uint};
 use std::{convert::TryFrom, ffi::c_void, ptr, slice, sync::Arc};
 use wasmer_runtime::{Global, Memory, Module, Table};
 use wasmer_runtime_core::{

diff --git a/lib/runtime-c-api/src/import/wasi.rs b/lib/runtime-c-api/src/import/wasi.rs
@@ -14,6 +14,16 @@ pub enum Version {
     Snapshot1,
 }
 
+impl From<c_uchar> for Version {
+    fn from(value: c_uchar) -> Self {
+        match value {
+            0 => Self::Snapshot0,
+            1 => Self::Snapshot1,
+            _ => Self::Unknown,
+        }
+    }
+}
+
 /// Opens a directory that's visible to the WASI module as `alias` but
 /// is backed by the host file at `host_file_path`
 #[repr(C)]
@@ -71,7 +81,7 @@ pub unsafe extern "C" fn wasmer_wasi_generate_import_object(
 /// except that the first argument describes the WASI version.
 #[no_mangle]
 pub unsafe extern "C" fn wasmer_wasi_generate_import_object_for_version(
-    version: Version,
+    version: c_uchar,
     args: *const wasmer_byte_array,
     args_len: c_uint,
     envs: *const wasmer_byte_array,
@@ -87,7 +97,7 @@ pub unsafe extern "C" fn wasmer_wasi_generate_import_object_for_version(
     let mapped_dir_list = get_slice_checked(mapped_dirs, mapped_dirs_len as usize);
 
     wasmer_wasi_generate_import_object_inner(
-        version,
+        version.into(),
         arg_list,
         env_list,
         preopened_file_list,

diff --git a/lib/runtime-c-api/wasmer.h b/lib/runtime-c-api/wasmer.h
@@ -912,7 +912,7 @@ wasmer_import_object_t *wasmer_wasi_generate_import_object(const wasmer_byte_arr
  * This function is similar to `wasmer_wasi_generate_import_object`
  * except that the first argument describes the WASI version.
  */
-wasmer_import_object_t *wasmer_wasi_generate_import_object_for_version(Version version,
+wasmer_import_object_t *wasmer_wasi_generate_import_object_for_version(unsigned char version,
                                                                        const wasmer_byte_array *args,
                                                                        unsigned int args_len,
                                                                        const wasmer_byte_array *envs,

diff --git a/lib/runtime-c-api/wasmer.hh b/lib/runtime-c-api/wasmer.hh
@@ -715,7 +715,7 @@ wasmer_import_object_t *wasmer_wasi_generate_import_object(const wasmer_byte_arr
 ///
 /// This function is similar to `wasmer_wasi_generate_import_object`
 /// except that the first argument describes the WASI version.
-wasmer_import_object_t *wasmer_wasi_generate_import_object_for_version(Version version,
+wasmer_import_object_t *wasmer_wasi_generate_import_object_for_version(unsigned char version,
                                                                        const wasmer_byte_array *args,
                                                                        unsigned int args_len,
                                                                        const wasmer_byte_array *envs,