mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2024-09-29 08:11:13 +00:00
LibWasm: Properly check memory.copy
addresses
Prevents overflow when checking that `memory.copy` addresses are valid. This prevents a potential crash in the VM.
This commit is contained in:
parent
308592969c
commit
ad9457b725
Notes:
sideshowbarker
2024-07-17 06:38:11 +09:00
Author: https://github.com/dzfrias Commit: https://github.com/SerenityOS/serenity/commit/ad9457b725 Pull-request: https://github.com/SerenityOS/serenity/pull/24519 Reviewed-by: https://github.com/alimpfard
|
@ -802,8 +802,12 @@ void BytecodeInterpreter::interpret(Configuration& configuration, InstructionPoi
|
|||
auto source_offset = configuration.stack().pop().get<Value>().to<i32>().value();
|
||||
auto destination_offset = configuration.stack().pop().get<Value>().to<i32>().value();
|
||||
|
||||
TRAP_IF_NOT(static_cast<size_t>(source_offset + count) <= source_instance->data().size());
|
||||
TRAP_IF_NOT(static_cast<size_t>(destination_offset + count) <= destination_instance->data().size());
|
||||
Checked<size_t> source_position = source_offset;
|
||||
source_position.saturating_add(count);
|
||||
Checked<size_t> destination_position = destination_offset;
|
||||
destination_position.saturating_add(count);
|
||||
TRAP_IF_NOT(source_position <= source_instance->data().size());
|
||||
TRAP_IF_NOT(destination_position <= destination_instance->data().size());
|
||||
|
||||
if (count == 0)
|
||||
return;
|
||||
|
|
Loading…
Reference in a new issue