Add check for table bounds on call_indirect.

2025-03-16 08:10:49 +00:00 · 2019-03-03 21:38:35 -08:00 · 2019-03-03 21:38:35 -08:00 · 87c453a0ec
commit 87c453a0ec
parent 801979c40d
3 changed files with 51 additions and 0 deletions
--- a/lib/llvm-backend/cpp/object_loader.hh
+++ b/lib/llvm-backend/cpp/object_loader.hh
@ -69,6 +69,7 @@ public:
        Unreachable = 0,
        IncorrectCallIndirectSignature = 1,
        MemoryOutOfBounds = 2,
+        CallIndirectOOB = 3,
        Unknown,
    };

--- a/lib/llvm-backend/src/code.rs
+++ b/lib/llvm-backend/src/code.rs
@ -744,6 +744,54 @@ fn parse_function(
                    )
                };

+                let truncated_table_bounds = builder.build_int_truncate(
+                    table_bound,
+                    intrinsics.i32_ty,
+                    "truncated_table_bounds",
+                );
+
+                // First, check if the index is outside of the table bounds.
+                let index_in_bounds = builder.build_int_compare(
+                    IntPredicate::ULT,
+                    func_index,
+                    truncated_table_bounds,
+                    "index_in_bounds",
+                );
+
+                let index_in_bounds = builder
+                    .build_call(
+                        intrinsics.expect_i1,
+                        &[
+                            index_in_bounds.as_basic_value_enum(),
+                            intrinsics.i1_ty.const_int(1, false).as_basic_value_enum(),
+                        ],
+                        "index_in_bounds_expect",
+                    )
+                    .try_as_basic_value()
+                    .left()
+                    .unwrap()
+                    .into_int_value();
+
+                let in_bounds_continue_block =
+                    context.append_basic_block(&function, "in_bounds_continue_block");
+                let not_in_bounds_block =
+                    context.append_basic_block(&function, "not_in_bounds_block");
+                builder.build_conditional_branch(
+                    index_in_bounds,
+                    &in_bounds_continue_block,
+                    &not_in_bounds_block,
+                );
+                builder.position_at_end(&not_in_bounds_block);
+                builder.build_call(
+                    intrinsics.throw_trap,
+                    &[intrinsics.trap_call_indirect_oob],
+                    "throw",
+                );
+                builder.build_unreachable();
+                builder.position_at_end(&in_bounds_continue_block);
+
+                // Next, check if the signature id is correct.
+
                let sigindices_equal = builder.build_int_compare(
                    IntPredicate::EQ,
                    expected_dynamic_sigindex,
--- a/lib/llvm-backend/src/intrinsics.rs
+++ b/lib/llvm-backend/src/intrinsics.rs
@ -95,6 +95,7 @@ pub struct Intrinsics {

    pub trap_unreachable: BasicValueEnum,
    pub trap_call_indirect_sig: BasicValueEnum,
+    pub trap_call_indirect_oob: BasicValueEnum,
    pub trap_memory_oob: BasicValueEnum,

    // VM intrinsics.
@ -293,6 +294,7 @@ impl Intrinsics {

            trap_unreachable: i32_zero.as_basic_value_enum(),
            trap_call_indirect_sig: i32_ty.const_int(1, false).as_basic_value_enum(),
+            trap_call_indirect_oob: i32_ty.const_int(3, false).as_basic_value_enum(),
            trap_memory_oob: i32_ty.const_int(2, false).as_basic_value_enum(),

            // VM intrinsics.