Stream: git-wasmtime

Topic: wasmtime / issue #722 [lightbeam] panicked at index out o...

Wasmtime GitHub notifications bot (Sep 27 2021 at 17:29):

alexcrichton commented on issue #722:

Lightbeam was removed in https://github.com/bytecodealliance/wasmtime/pull/3390 as explained in RFC 14, so I'm going to close this.

Wasmtime GitHub notifications bot (Sep 27 2021 at 17:29):

alexcrichton closed issue #722:

Issue description

When calling the translate function of lightbeam, an index out of bound error occurs in function func_type_index because argument func_idx is not checked.

https://github.com/bytecodealliance/wasmtime/blob/77bf76897c276f110d3f98ff4df48fe4103e1dff/crates/lightbeam/src/module.rs#L395-L397

This function is called when handling WasmOperator::Call:

https://github.com/bytecodealliance/wasmtime/blob/77bf76897c276f110d3f98ff4df48fe4103e1dff/crates/lightbeam/src/microwasm.rs#L1165-L1168

Fix proposal

2 potentials solutions:

• Check if func_index is in the range inside func_type_index function otherwise return an Error.
• Check if func_index is in the range each time before calling func_type_index and func_type functions.

Reproduction

wasmtime commit: 77bf76897c276f110d3f98ff4df48fe4103e1dff

Download
index_oob_func_type.zip

Just create a basic testing program calling lightbeam translate:

use std::env;
use std::fs::{File};
use std::io;
use std::io::Read;
use std::path::PathBuf;

use lightbeam;

/// Read the contents of a file
fn read_contents(path: &PathBuf) -> Result<Vec<u8>, io::Error> {
    let mut buffer: Vec<u8> = Vec::new();
    let mut file = File::open(path)?;
    file.read_to_end(&mut buffer)?;
    drop(file);
    Ok(buffer)
}

fn main() {
    let args: Vec<String> = env::args().collect();
    let wasm_path = std::path::PathBuf::from(&args[1]);
    let wasm_binary: Vec<u8> = read_contents(&wasm_path).unwrap();

    let _res_translate = lightbeam::translate(&wasm_binary[..]);
}

RUST_BACKTRACE

thread 'main' panicked at 'index out of bounds: the len is 83 but the index is 84', /rustc/2d1a551e144335e0d60a637d12f410cf65849876/src/libcore/slice/mod.rs:2704:10
stack backtrace:
   0: backtrace::backtrace::libunwind::trace
             at /cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.34/src/backtrace/libunwind.rs:88
   1: backtrace::backtrace::trace_unsynchronized
             at /cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.34/src/backtrace/mod.rs:66
   2: std::sys_common::backtrace::_print
             at src/libstd/sys_common/backtrace.rs:47
   3: std::sys_common::backtrace::print
             at src/libstd/sys_common/backtrace.rs:36
   4: std::panicking::default_hook::{{closure}}
             at src/libstd/panicking.rs:200
   5: std::panicking::default_hook
             at src/libstd/panicking.rs:214
   6: std::panicking::rust_panic_with_hook
             at src/libstd/panicking.rs:477
   7: std::panicking::continue_panic_fmt
             at src/libstd/panicking.rs:384
   8: rust_begin_unwind
             at src/libstd/panicking.rs:311
   9: core::panicking::panic_fmt
             at src/libcore/panicking.rs:85
  10: core::panicking::panic_bounds_check
             at src/libcore/panicking.rs:61
  11: <usize as core::slice::SliceIndex<[T]>>::index
             at /rustc/2d1a551e144335e0d60a637d12f410cf65849876/src/libcore/slice/mod.rs:2704
  12: core::slice::<impl core::ops::index::Index<I> for [T]>::index
             at /rustc/2d1a551e144335e0d60a637d12f410cf65849876/src/libcore/slice/mod.rs:2555
  13: <alloc::vec::Vec<T> as core::ops::index::Index<I>>::index
             at /rustc/2d1a551e144335e0d60a637d12f410cf65849876/src/liballoc/vec.rs:1791
  14: <lightbeam::module::SimpleContext as lightbeam::module::ModuleContext>::func_type_index
             at XXX/wasmtime/crates/lightbeam/src/module.rs:396
  15: lightbeam::module::ModuleContext::func_type
             at XXX/wasmtime/crates/lightbeam/src/module.rs:374
  16: lightbeam::microwasm::MicrowasmConv<M>::op_sig
             at XXX/wasmtime/crates/lightbeam/src/microwasm.rs:1166
  17: <lightbeam::microwasm::MicrowasmConv<M> as core::iter::traits::iterator::Iterator>::next
             at XXX/wasmtime/crates/lightbeam/src/microwasm.rs:1604
  18: lightbeam::function_body::translate_wasm
             at XXX/wasmtime/crates/lightbeam/src/function_body.rs:75
  19: lightbeam::translate_sections::code
             at XXX/wasmtime/crates/lightbeam/src/translate_sections.rs:118
  20: lightbeam::module::translate_only
             at XXX/wasmtime/crates/lightbeam/src/module.rs:631
  21: lightbeam::module::translate
             at XXX/wasmtime/crates/lightbeam/src/module.rs:504
  22: debug_lightbeam::main
             at src/main.rs:34
  23: std::rt::lang_start::{{closure}}
             at /rustc/2d1a551e144335e0d60a637d12f410cf65849876/src/libstd/rt.rs:64
  24: std::rt::lang_start_internal::{{closure}}
             at src/libstd/rt.rs:49
  25: std::panicking::try::do_call
             at src/libstd/panicking.rs:296
  26: __rust_maybe_catch_panic
             at src/libpanic_unwind/lib.rs:80
  27: std::panicking::try
             at src/libstd/panicking.rs:275
  28: std::panic::catch_unwind
             at src/libstd/panic.rs:394
  29: std::rt::lang_start_internal
             at src/libstd/rt.rs:48
  30: std::rt::lang_start
             at /rustc/2d1a551e144335e0d60a637d12f410cf65849876/src/libstd/rt.rs:64
  31: main
  32: __libc_start_main
  33: _start
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.

Last updated: Nov 22 2024 at 16:03 UTC