Stream: git-wasmtime

Topic: wasmtime / issue #3509 Fix a panic with an invalid name s...


Wasmtime GitHub notifications bot (Nov 16 2021 at 09:49):

ulan commented on issue #3509:

@alexcrichton: do you know if this bug has any security impact?

Wasmtime GitHub notifications bot (Nov 16 2021 at 15:20):

alexcrichton commented on issue #3509:

@ulan this means that if arbitrary input is fed into Module::new then it can cause Module::new to panic, which can be a form of denial-of-service I believe, but I think that's the impact of this.

Wasmtime GitHub notifications bot (Nov 16 2021 at 16:14):

ulan commented on issue #3509:

Thanks @alexcrichton. Sorry, I forgot to mention that in a test that I tried the panic happens only in the debug mode. Could it be that the assertion is enabled only in debug mode? If so, could the bug lead to something exploitable in release mode?

In any case, do you think it is worthwhile to merge the fix back in the last two released versions?

Wasmtime GitHub notifications bot (Nov 16 2021 at 16:17):

alexcrichton commented on issue #3509:

Oh right sorry now I remember what I thought when I was originally thinking about this. Indeed yeah this is a debug assert so the assert doesn't happen in release mode, which means my previous comment is not actually correct because most embeddings are built in release mode.

I remember now though that my conclusion was that this would cause no issues. Nothing bad will happen for bad name section indices in reality and this was mostly just a debug check we needed to fixup. In that sense no need for security backports or anything.

Wasmtime GitHub notifications bot (Nov 16 2021 at 16:37):

ulan commented on issue #3509:

Happy to hear that! Thanks @alexcrichton.


Last updated: Dec 23 2024 at 13:07 UTC