Fix cast of out-of-bounds values

titzer · Sep 10, 2024 · 4ad7eca · 4ad7eca
1 parent b9d0e88
commit 4ad7eca
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 2 deletions.
diff --git a/src/engine/WasmParser.v3 b/src/engine/WasmParser.v3
@@ -103,7 +103,7 @@ class WasmParser(extensions: Extension.set, limits: Limits, module: Module,
 	def checkIndex(pt: int, quantity: string, index: u32, max: int) -> (bool, u31) {
 		if (index >= max) {
 			err.rel(decoder, pt).OobIndex(quantity, index, u32.!(max));
-			return (false, u31.!(index));
+			return (false, 0);
 		}
 		return (true, u31.!(index));
 	}
@@ -234,7 +234,10 @@ class WasmParser(extensions: Extension.set, limits: Limits, module: Module,
 		var pt = decoder.pos;
 		var val = decoder.read_uleb32();
 		if (eof) return 0;
-		if (val > max) err.rel(decoder, pt).QuantityExceededMaximum(quantity, val, max);
+		if (val > max) {
+			err.rel(decoder, pt).QuantityExceededMaximum(quantity, val, max);
+			val = max;
+		}
 		if (Trace.binparse) {
 			traceBytes(pt, quantity);
 			OUT.putd(val).ln();

diff --git a/test/regress/core/zindex00.bin.wast b/test/regress/core/zindex00.bin.wast
@@ -0,0 +1,10 @@
+(assert_invalid
+  (module binary
+    "\00\61\73\6d\01\00\00\00\01\88\80\80\80\00\02\60"
+    "\01\7f\00\60\00\00\03\82\80\80\80\00\01\01\04\84"
+    "\80\80\80\00\01\70\00\01\0a\96\80\80\80\00\01\90"
+    "\80\80\80\00\00\41\01\04\40\41\00\11\ff\ff\ff\ff"
+    "\0f\00\0b\0b"
+  )
+  ""
+)
diff --git a/test/regress/core/zindex00.wast b/test/regress/core/zindex00.wast
@@ -0,0 +1,12 @@
+(assert_invalid
+  (module
+    (type (func (param i32)))
+    (table 1 funcref)
+    (func $conditional-dangling-type
+      (if (i32.const 1)
+        (then (call_indirect (type 0xffffffff) (i32.const 0)))
+      )
+    )
+  )
+  ""
+)