Wasmtime GitHub notifications bot (Apr 02 2024 at 06:05): Wasmtime GitHub notifications bot (Apr 02 2024 at 06:05):ShinWonho added the bug label to Issue #8281.
Wasmtime GitHub notifications bot (Apr 02 2024 at 06:05):ShinWonho opened issue #8281:
Test Case
;; table.wat (module (table $2 0 0 externref) (func (export "table") (i32.const 0) (i32.const 0) (i32.const 0) (table.init 0 0) ) (elem $2 declare externref) )Steps to Reproduce
wasmtime --invoke table table.watExpected Results
terminate normally
Actual Results
thread 'main' panicked at crates/runtime/src/table.rs:539:9: assertion `left == right` failed left: Extern right: Func note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace zsh: abort wasmtime --invoke table table.watVersions and Environment
Wasmtime version or commit: 19.0.0
Operating system: macOS Ventura 13.6.6
Architecture: x86_64
Wasmtime GitHub notifications bot (Apr 02 2024 at 06:05):ShinWonho edited issue #8281:
Test Case
;; table.wat (module (table 0 0 externref) (func (export "table") (i32.const 0) (i32.const 0) (i32.const 0) (table.init 0 0) ) (elem declare externref) )Steps to Reproduce
wasmtime --invoke table table.watExpected Results
terminate normally
Actual Results
thread 'main' panicked at crates/runtime/src/table.rs:539:9: assertion `left == right` failed left: Extern right: Func note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace zsh: abort wasmtime --invoke table table.watVersions and Environment
Wasmtime version or commit: 19.0.0
Operating system: macOS Ventura 13.6.6
Architecture: x86_64
Wasmtime GitHub notifications bot (Apr 02 2024 at 10:17):ShinWonho edited issue #8281:
Test Case
;; table-init.wat (module (table 0 0 externref) (func (export "table-init") (i32.const 0) (i32.const 0) (i32.const 0) (table.init 0 0) ) (elem declare externref) )Steps to Reproduce
wasmtime --invoke table-init table-init.watExpected Results
terminate normally
Actual Results
thread 'main' panicked at crates/runtime/src/table.rs:539:9: assertion `left == right` failed left: Extern right: Func note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace zsh: abort wasmtime --invoke table-init table-init.watVersions and Environment
Wasmtime version or commit: 19.0.0
Operating system: macOS Ventura 13.6.6
Architecture: x86_64
Wasmtime GitHub notifications bot (Apr 02 2024 at 14:53):alexcrichton commented on issue #8281:
Thanks for the report! Do you perhaps have more detail on how this was discovered? For example is this a reduced module? Or perhaps a fuzz-generated test case?
Also as per our documentation this is a security issue so we'll be issuing a CVE and a 19.0.1 release for this. If you discover more issues like this we'd be grateful if you'd contact us privately so we can coordinate this, thanks!
Wasmtime GitHub notifications bot (Apr 02 2024 at 16:26):alexcrichton closed issue #8281:
Test Case
;; table-init.wat (module (table 0 0 externref) (func (export "table-init") (i32.const 0) (i32.const 0) (i32.const 0) (table.init 0 0) ) (elem declare externref) )Steps to Reproduce
wasmtime --invoke table-init table-init.watExpected Results
terminate normally
Actual Results
thread 'main' panicked at crates/runtime/src/table.rs:539:9: assertion `left == right` failed left: Extern right: Func note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace zsh: abort wasmtime --invoke table-init table-init.watVersions and Environment
Wasmtime version or commit: 19.0.0
Operating system: macOS Ventura 13.6.6
Architecture: x86_64
Wasmtime GitHub notifications bot (Apr 02 2024 at 19:15):alexcrichton edited a comment on issue #8281:
Thanks for the report! Do you perhaps have more detail on how this was discovered? For example is this a reduced module? Or perhaps a fuzz-generated test case?
Also as per our documentation this is a security issue so we'll be issuing a CVE and a 19.0.1 release for this. If you discover more issues like this we'd be grateful if you'd contact us privately so we can coordinate this, thanks!
Wasmtime GitHub notifications bot (Apr 03 2024 at 02:57):ShinWonho commented on issue #8281:
We are in progress of implementing a wasm fuzzer based on SpecTec. Currently, it generates short wasm programs by a simple syntax-driven approach. We performed differential testing with the latest wasmtime and previous versions, and luckily found the bug. We reduced the buggy program manually as the generated program was simple.
Wasmtime GitHub notifications bot (Apr 03 2024 at 09:32):ShinWonho edited a comment on issue #8281:
We are in progress of implementing a wasm fuzzer based on SpecTec. Currently, it generates short wasm programs by a simple syntax-driven approach. We performed differential testing with the latest wasmtime and previous versions, and luckily found the bug. We reduced the buggy program manually as the generated program was simple.
Wasmtime GitHub notifications bot (Apr 03 2024 at 14:46):alexcrichton commented on issue #8281:
Nice! If y'all need any help with fuzzing or such we're happy to talk as well. And thank you for fuzzing, we very much appreciate it!
Last updated: Nov 22 2024 at 16:03 UTC