-
Notifications
You must be signed in to change notification settings - Fork 438
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security] Out-of-Bound Memory Write on "op_CopySlot_64" Function #471
Comments
(It would be nice if this bot provided WAT, like the one in #465.) I think this is because the recursive call in Line 1042 in 139076a
Fixing that removes the ASAN failure for me. |
Here is a minimal test case: (module
(func (;0;)
block $1 (result f64 f64)
block (result f64 f64)
f64.const -0x1.ba17b2943f09fp-37
f64.const -0x1.ba17b2943f09fp-37
br $1
end
end
drop
drop)
(export "main" (func 0))) |
Hi @tommie, it's great to see some following trackups to the security issues I reported! I think I need to explain a few things to you:
Again, thanks for paying attention to my security issue reports and hope corresponding PRs can be merged by the owners :) ! |
Environment
Proof of Concept
wasm3-poc-01.zip
Stack Trace Provide By AddressSanitizer
The text was updated successfully, but these errors were encountered: