Switch wasi module cache and CLI to use validated module deserialization

Prevents undefined behaviour when loading modules. This is a much saner/safer default option, since loading modules without validation can cause UB and segfaults.
wasmerio · Mar 31, 2023 · 484c002 · 484c002
1 parent dd91453
commit 484c002
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/lib/cli/src/commands/run.rs b/lib/cli/src/commands/run.rs
@@ -427,7 +427,7 @@ impl RunWithPathBuf {
         if wasmer_compiler::Artifact::is_deserializable(&contents) {
             let engine = wasmer_compiler::EngineBuilder::headless();
             let store = Store::new(engine);
-            let module = unsafe { Module::deserialize_from_file(&store, &self.path)? };
+            let module = Module::deserialize_from_file_checked(&store, &self.path)?;
             return Ok((store, module));
         }
         let (store, compiler_type) = self.store.get_store()?;

diff --git a/lib/wasi/src/bin_factory/module_cache.rs b/lib/wasi/src/bin_factory/module_cache.rs
@@ -230,7 +230,15 @@ impl ModuleCache {
                 let module_bytes = bytes::Bytes::from(data);
 
                 // Load the module
-                let module = unsafe { Module::deserialize(engine, &module_bytes[..]).unwrap() };
+                let module = match Module::deserialize_checked(engine, &module_bytes[..]) {
+                    Ok(m) => m,
+                    Err(err) => {
+                        tracing::error!(
+                            "failed to deserialize module with hash '{data_hash}': {err}"
+                        );
+                        return None;
+                    }
+                };
 
                 if let Some(cache) = &self.cached_modules {
                     let mut cache = cache.write().unwrap();