Stream: git-wasmtime

Topic: wasmtime / PR #3238 Fix a possible use-after-free introdu...


Wasmtime GitHub notifications bot (Aug 25 2021 at 02:23):

alexcrichton opened PR #3238 from fix-uaf to main:

In #3231 the wasm data sections were moved from the
wasmtime_environ::Module structure into the CompilationArtifacts.
Each wasmtime_runtime::Instance holds raw pointers into the data
section owned by the compilation artifacts under the assumption that the
runtime keeps the artifacts alive while the module is in use. Data is
needed beyond original initialization for memory.init instructions as
well as lazy-initialization with the uffd feature.

The intention of #3231 was that all CompiledModule structures, which
own CompilationArtifacts, were owned by a store's ModuleRegistry, so
this was already taken care of. It turns out, however, that empty
modules which contain no functions are not held within a
ModuleRegistry since there was previously no need to retain them. This
commit remedies this mistake by retaining the CompiledModule
structure, even if there aren't any functions compiled in.

This should unblock #3235 and fixes the spurious error found there. The
test here, at least on Linux, will deterministically reproduce the error
before this commit since uffd was initializing wasm memory with freed
host memory.


Wasmtime GitHub notifications bot (Aug 25 2021 at 02:23):

alexcrichton requested peterhuene for a review on PR #3238.

Wasmtime GitHub notifications bot (Aug 25 2021 at 17:10):

peterhuene submitted PR review.

Wasmtime GitHub notifications bot (Aug 25 2021 at 17:14):

alexcrichton merged PR #3238.


Last updated: Dec 23 2024 at 13:07 UTC