Fix out of bounds issue in is_native_addr_in_shared_heap function

When checking for integer overflow, you may often write tests like p + i < p. This works fine if p and i are unsigned integers, since any overflow in the addition will cause the value to simply "wrap around." However, using this pattern when p is a pointer is problematic because pointer overflow has undefined behavior according to the C and C++ standards. If the addition overflows and has an undefined result, the comparison will likewise be undefined; it may produce an unintended result, or may be deleted entirely by an optimizing compiler.
bytecodealliance · Oct 27, 2024 · 89f1524 · 89f1524
1 parent 6426fc4
commit 89f1524
Showing 1 changed file with 20 additions and 5 deletions.
diff --git a/core/iwasm/common/wasm_memory.c b/core/iwasm/common/wasm_memory.c
@@ -420,13 +420,28 @@ is_native_addr_in_shared_heap(WASMModuleInstanceCommon *module_inst,
                               uint8 *addr, uint32 bytes)
 {
     WASMSharedHeap *heap = get_shared_heap(module_inst);
+    uintptr_t base_addr = (uintptr_t)heap->base_addr;
+    uintptr_t addr_int = (uintptr_t)addr;
+    uintptr_t end_addr = addr_int + bytes;
 
-    if (heap && addr >= heap->base_addr
-        && addr + bytes <= heap->base_addr + heap->size
-        && addr + bytes > addr) {
-        return true;
+    if (!heap) {
+        return false;
     }
-    return false;
+
+    if (addr_int < base_addr) {
+        return false;
+    }
+
+    // Check for overflow
+    if (end_addr < addr_int) {
+        return false;
+    }
+
+    if (end_addr > base_addr + heap->size) {
+        return false;
+    }
+
+    return true;
 }
 
 uint64