More misc ASAN fixes (#1882)

kripken · web-flow · commit e63c4a7d04c1 · 2019-01-22T17:15:37.000-08:00
* fix buffer overflow in simple_ast.h printing. * check wasm binary format reading of function export indexes for errors. * check if s-expr format imports have a non-empty module and base. Fixes #1876 Fixes #1877 Fixes #1879
diff --git a/src/emscripten-optimizer/istring.h b/src/emscripten-optimizer/istring.h
@@ -149,6 +149,10 @@ struct IString {
   bool startsWith(const char *prefix) const {
     return stripPrefix(prefix) != nullptr;
   }
+
+  size_t size() const {
+    return str ? strlen(str) : 0;
+  }
 };
 
 } // namespace cashew
diff --git a/src/emscripten-optimizer/simple_ast.h b/src/emscripten-optimizer/simple_ast.h
@@ -561,6 +561,7 @@ struct JSPrinter {
 
   void printAst() {
     print(ast);
+    ensure(1);
     buffer[used] = 0;
   }
 
diff --git a/src/wasm/wasm-binary.cpp b/src/wasm/wasm-binary.cpp
@@ -1505,6 +1505,9 @@ void WasmBinaryBuilder::processFunctions() {
     auto index = exportIndexes[curr];
     switch (curr->kind) {
       case ExternalKind::Function: {
+        if (index >= wasm.functions.size()) {
+          throwError("bad function export index");
+        }
         curr->value = getFunctionIndexName(index);
         break;
       }
diff --git a/src/wasm/wasm-s-parser.cpp b/src/wasm/wasm-s-parser.cpp
@@ -580,6 +580,7 @@ void SExpressionWasmBuilder::parseFunction(Element& s, bool preParseImport) {
   }
   if (importModule.is()) {
     // this is an import, actually
+    if (!importBase.size()) throw ParseException("module but no base for import");
     if (!preParseImport) throw ParseException("!preParseImport in func");
     auto im = make_unique<Function>();
     im->name = name;
@@ -1571,6 +1572,7 @@ void SExpressionWasmBuilder::parseImport(Element& s) {
   auto module = s[i++]->str();
   if (!s[i]->isStr()) throw ParseException("no name for import");
   auto base = s[i++]->str();
+  if (!module.size() || !base.size()) throw ParseException("imports must have module and base");
   // parse internals
   Element& inner = newStyle ? *s[3] : s;
   Index j = newStyle ? newStyleInner : i;
@@ -1694,6 +1696,7 @@ void SExpressionWasmBuilder::parseGlobal(Element& s, bool preParseImport) {
   }
   if (importModule.is()) {
     // this is an import, actually
+    if (!importBase.size()) throw ParseException("module but no base for import");
     if (!preParseImport) throw ParseException("!preParseImport in global");
     auto im = make_unique<Global>();
     im->name = global->name;

Original file line number	Diff line number	Diff line change
`@@ -561,6 +561,7 @@ struct JSPrinter {`
`561`	`561`
`562`	`562`	`void printAst() {`
`563`	`563`	`print(ast);`
	`564`	`+ ensure(1);`
`564`	`565`	`buffer[used] = 0;`
`565`	`566`	`}`
`566`	`567`