-
Notifications
You must be signed in to change notification settings - Fork 542
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix fluent-bit CVE-2024-34250 with a patch (#9259)
- Loading branch information
1 parent
bfcfb89
commit 59ccb32
Showing
2 changed files
with
119 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,114 @@ | ||
| diff --git a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c | ||
| index 2a06f42..87af852 100644 | ||
| --- a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c | ||
| +++ b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c | ||
| @@ -219,7 +219,10 @@ type2str(uint8 type) | ||
| static bool | ||
| is_32bit_type(uint8 type) | ||
| { | ||
| - if (type == VALUE_TYPE_I32 || type == VALUE_TYPE_F32 | ||
| + if (type == VALUE_TYPE_I32 | ||
| + || type == VALUE_TYPE_F32 | ||
| + /* the operand stack is in polymorphic state */ | ||
| + || type == VALUE_TYPE_ANY | ||
| #if WASM_ENABLE_REF_TYPES != 0 | ||
| || type == VALUE_TYPE_FUNCREF || type == VALUE_TYPE_EXTERNREF | ||
| #endif | ||
| @@ -6690,6 +6693,7 @@ wasm_loader_check_br(WASMLoaderContext *loader_ctx, uint32 depth, | ||
| int32 i, available_stack_cell; | ||
| uint16 cell_num; | ||
|
|
||
| + bh_assert(loader_ctx->csp_num > 0); | ||
| if (loader_ctx->csp_num < depth + 1) { | ||
| set_error_buf(error_buf, error_buf_size, | ||
| "unknown label, " | ||
| @@ -7758,8 +7762,7 @@ re_scan: | ||
| } | ||
|
|
||
| if (available_stack_cell > 0) { | ||
| - if (is_32bit_type(*(loader_ctx->frame_ref - 1)) | ||
| - || *(loader_ctx->frame_ref - 1) == VALUE_TYPE_ANY) { | ||
| + if (is_32bit_type(*(loader_ctx->frame_ref - 1))) { | ||
| loader_ctx->frame_ref--; | ||
| loader_ctx->stack_cell_num--; | ||
| #if WASM_ENABLE_FAST_INTERP != 0 | ||
| diff --git a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_mini_loader.c b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_mini_loader.c | ||
| index 47ec549..157a82c 100644 | ||
| --- a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_mini_loader.c | ||
| +++ b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_mini_loader.c | ||
| @@ -51,7 +51,10 @@ set_error_buf(char *error_buf, uint32 error_buf_size, const char *string) | ||
| static bool | ||
| is_32bit_type(uint8 type) | ||
| { | ||
| - if (type == VALUE_TYPE_I32 || type == VALUE_TYPE_F32 | ||
| + if (type == VALUE_TYPE_I32 | ||
| + || type == VALUE_TYPE_F32 | ||
| + /* the operand stack is in polymorphic state */ | ||
| + || type == VALUE_TYPE_ANY | ||
| #if WASM_ENABLE_REF_TYPES != 0 | ||
| || type == VALUE_TYPE_FUNCREF || type == VALUE_TYPE_EXTERNREF | ||
| #endif | ||
| @@ -3930,7 +3933,7 @@ wasm_loader_pop_frame_ref(WASMLoaderContext *ctx, uint8 type, char *error_buf, | ||
| ctx->frame_ref--; | ||
| ctx->stack_cell_num--; | ||
|
|
||
| - if (is_32bit_type(type) || *ctx->frame_ref == VALUE_TYPE_ANY) | ||
| + if (is_32bit_type(type)) | ||
| return true; | ||
|
|
||
| ctx->frame_ref--; | ||
| @@ -5839,13 +5842,11 @@ re_scan: | ||
| case WASM_OP_BR_TABLE: | ||
| { | ||
| uint8 *ret_types = NULL; | ||
| - uint32 ret_count = 0; | ||
| + uint32 ret_count = 0, depth = 0; | ||
| #if WASM_ENABLE_FAST_INTERP == 0 | ||
| - uint8 *p_depth_begin, *p_depth; | ||
| - uint32 depth, j; | ||
| BrTableCache *br_table_cache = NULL; | ||
| - | ||
| - p_org = p - 1; | ||
| + uint8 *p_depth_begin, *p_depth, *p_opcode = p - 1; | ||
| + uint32 j; | ||
| #endif | ||
|
|
||
| read_leb_uint32(p, p_end, count); | ||
| @@ -5854,6 +5855,16 @@ re_scan: | ||
| #endif | ||
| POP_I32(); | ||
|
|
||
| + /* Get each depth and check it */ | ||
| + p_org = p; | ||
| + for (i = 0; i <= count; i++) { | ||
| + read_leb_uint32(p, p_end, depth); | ||
| + bh_assert(loader_ctx->csp_num > 0); | ||
| + bh_assert(loader_ctx->csp_num - 1 >= depth); | ||
| + (void)depth; | ||
| + } | ||
| + p = p_org; | ||
| + | ||
| #if WASM_ENABLE_FAST_INTERP == 0 | ||
| p_depth_begin = p_depth = p; | ||
| #endif | ||
| @@ -5879,8 +5890,8 @@ re_scan: | ||
| error_buf, error_buf_size))) { | ||
| goto fail; | ||
| } | ||
| - *p_org = EXT_OP_BR_TABLE_CACHE; | ||
| - br_table_cache->br_table_op_addr = p_org; | ||
| + *p_opcode = EXT_OP_BR_TABLE_CACHE; | ||
| + br_table_cache->br_table_op_addr = p_opcode; | ||
| br_table_cache->br_count = count; | ||
| /* Copy previous depths which are one byte */ | ||
| for (j = 0; j < i; j++) { | ||
| @@ -6099,8 +6110,7 @@ re_scan: | ||
| && !cur_block->is_stack_polymorphic)); | ||
|
|
||
| if (available_stack_cell > 0) { | ||
| - if (is_32bit_type(*(loader_ctx->frame_ref - 1)) | ||
| - || *(loader_ctx->frame_ref - 1) == VALUE_TYPE_ANY) { | ||
| + if (is_32bit_type(*(loader_ctx->frame_ref - 1))) { | ||
| loader_ctx->frame_ref--; | ||
| loader_ctx->stack_cell_num--; | ||
| #if WASM_ENABLE_FAST_INTERP != 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters