git.ipfire.org Git - thirdparty/binutils-gdb.git/commit

author	Alan Modra <amodra@gmail.com>
	Mon, 13 Jan 2020 03:57:19 +0000 (14:27 +1030)
committer	Alan Modra <amodra@gmail.com>
	Mon, 13 Jan 2020 06:14:27 +0000 (16:44 +1030)
commit	febda64f152972d8edf0147fb29f89b02f6a4cf9
tree	530633bd36c29a3fd0715e8658777f665385aa9a	tree \| snapshot
parent	df08b5881b4972d78f9a2069955dad5b12bc972e	commit \| diff

ubsan: wasm32: signed integer overflow

The signed integer overflow occurred when adding one to target_count
  for (i = 0; i < target_count + 1; i++)
but that's the least of the worries here.  target_count was long and i
int, leading to the possibility of a loop that never ended.

So to avoid this type of vulnerability, this patch uses what I believe
to be the proper types for arguments of various wasm32 opcodes, rather
than using "long" which may change in size.

gas/
* testsuite/gas/wasm32/allinsn.d: Update expected output.
opcodes/
* wasm32-dis.c (print_insn_wasm32): Localise variables.  Store
result of wasm_read_leb128 in a uint64_t and check that bits
are not lost when copying to other locals.  Use uint32_t for
most locals.  Use PRId64 when printing int64_t.

gas/ChangeLog		diff \| blob \| blame \| history
gas/testsuite/gas/wasm32/allinsn.d		diff \| blob \| blame \| history
opcodes/ChangeLog		diff \| blob \| blame \| history
opcodes/wasm32-dis.c		diff \| blob \| blame \| history