Wasmtime GitHub notifications bot (Sep 01 2022 at 16:01): Wasmtime GitHub notifications bot (Sep 01 2022 at 16:01):alexcrichton labeled issue #4840:
A fuzz bug was discovered last night where this driver program:
use anyhow::Result; use wasmtime::*; fn main() -> Result<()> { let mut cfg = Config::new(); let a = run(&cfg)?; cfg.cranelift_opt_level(OptLevel::None); let b = run(&cfg)?; if a == b { println!("same"); } else { anyhow::bail!("{} != {}", a, b); } Ok(()) } fn run(config: &Config) -> Result<f64> { let engine = Engine::new(config)?; let file = std::env::args().nth(1).unwrap(); let module = Module::from_file(&engine, file)?; let mut store = Store::new(&engine, ()); let instance = Instance::new(&mut store, &module, &[])?; let func = instance.get_typed_func::<(f32, i32), (), _>(&mut store, "")?; func.call(&mut store, (f32::from_bits(2143289344), -2147483648))?; let global = instance.get_global(&mut store, "3").unwrap(); Ok(global.get(&mut store).unwrap_f64()) }will produce an error with this wasm input:
(module (func (param f32 i32) local.get 1 f64.convert_i32_u i32.trunc_f64_u f64.convert_i32_s local.get 1 f64.convert_i32_u global.set 0 drop ) (global (;0;) (mut f64) f64.const 0) (export "" (func 0)) (export "3" (global 0)) )where the program will print
Error: 0 != 2147483648Bisection shows that this was introduced in #4811 so looks like no need for a point release or anything, just a bug to fix
Wasmtime GitHub notifications bot (Sep 01 2022 at 16:01):alexcrichton opened issue #4840:
A fuzz bug was discovered last night where this driver program:
use anyhow::Result; use wasmtime::*; fn main() -> Result<()> { let mut cfg = Config::new(); let a = run(&cfg)?; cfg.cranelift_opt_level(OptLevel::None); let b = run(&cfg)?; if a == b { println!("same"); } else { anyhow::bail!("{} != {}", a, b); } Ok(()) } fn run(config: &Config) -> Result<f64> { let engine = Engine::new(config)?; let file = std::env::args().nth(1).unwrap(); let module = Module::from_file(&engine, file)?; let mut store = Store::new(&engine, ()); let instance = Instance::new(&mut store, &module, &[])?; let func = instance.get_typed_func::<(f32, i32), (), _>(&mut store, "")?; func.call(&mut store, (f32::from_bits(2143289344), -2147483648))?; let global = instance.get_global(&mut store, "3").unwrap(); Ok(global.get(&mut store).unwrap_f64()) }will produce an error with this wasm input:
(module (func (param f32 i32) local.get 1 f64.convert_i32_u i32.trunc_f64_u f64.convert_i32_s local.get 1 f64.convert_i32_u global.set 0 drop ) (global (;0;) (mut f64) f64.const 0) (export "" (func 0)) (export "3" (global 0)) )where the program will print
Error: 0 != 2147483648Bisection shows that this was introduced in #4811 so looks like no need for a point release or anything, just a bug to fix
Wasmtime GitHub notifications bot (Sep 01 2022 at 22:46):cfallin closed issue #4840:
A fuzz bug was discovered last night where this driver program:
use anyhow::Result; use wasmtime::*; fn main() -> Result<()> { let mut cfg = Config::new(); let a = run(&cfg)?; cfg.cranelift_opt_level(OptLevel::None); let b = run(&cfg)?; if a == b { println!("same"); } else { anyhow::bail!("{} != {}", a, b); } Ok(()) } fn run(config: &Config) -> Result<f64> { let engine = Engine::new(config)?; let file = std::env::args().nth(1).unwrap(); let module = Module::from_file(&engine, file)?; let mut store = Store::new(&engine, ()); let instance = Instance::new(&mut store, &module, &[])?; let func = instance.get_typed_func::<(f32, i32), (), _>(&mut store, "")?; func.call(&mut store, (f32::from_bits(2143289344), -2147483648))?; let global = instance.get_global(&mut store, "3").unwrap(); Ok(global.get(&mut store).unwrap_f64()) }will produce an error with this wasm input:
(module (func (param f32 i32) local.get 1 f64.convert_i32_u i32.trunc_f64_u f64.convert_i32_s local.get 1 f64.convert_i32_u global.set 0 drop ) (global (;0;) (mut f64) f64.const 0) (export "" (func 0)) (export "3" (global 0)) )where the program will print
Error: 0 != 2147483648Bisection shows that this was introduced in #4811 so looks like no need for a point release or anything, just a bug to fix
Last updated: Nov 22 2024 at 16:03 UTC