Comments (2)
I tried running this myself and didn't hit the OOM, but I do see the following right before execution traps on an out-of-bounds table access:
000232 func[7]:
000233: 02 7c | local[3..4] type=f64
000235: 05 7d | local[5..9] type=f32
000237: 01 7b | local[10] type=v128
000239: 02 7f | local[11..12] type=i32
00023b: 01 70 | local[13] type=funcref
00023d: 02 40 | block
00023f: 02 40 | block
000241: 42 96 cb 93 d2 97 a2 d5 87 | i64.const -3094160885426100842
00024a: 55 |
00024b: 10 03 | call 3 <i64.no_fold_f64_u>
00024d: d0 6f | ref.null extern
00024f: 41 bc e2 f1 fe 7a | i32.const 2950459708
000255: fc 0f 01 | table.grow 1 <------------- Grow table by ~3 billion entries
000258: 11 06 00 | call_indirect 6 0 <------------- Trap with oob table access
Adding the entries from that table.grow
instruction will allocate about
2950459708 * 8 = 23603677664 = 0x57EE389E0 bytes
which is pretty close to the amount you see in the failed allocation. So I assume your setup just isn't allowing WSL to allocate that much?
Anyway, there's nothing in the spec that prevents a table from growing this large, so it seems perfectly reasonable for wasm-interp
to handle the request. I'd think a user that's concerned about possible DOS attacks would check Wasms to ensure tables and memories have a reasonable maximum size (or modify them to add maximum sizes) before executing.
from wabt.
I tried running this myself and didn't hit the OOM, but I do see the following right before execution traps on an out-of-bounds table access:
000232 func[7]: 000233: 02 7c | local[3..4] type=f64 000235: 05 7d | local[5..9] type=f32 000237: 01 7b | local[10] type=v128 000239: 02 7f | local[11..12] type=i32 00023b: 01 70 | local[13] type=funcref 00023d: 02 40 | block 00023f: 02 40 | block 000241: 42 96 cb 93 d2 97 a2 d5 87 | i64.const -3094160885426100842 00024a: 55 | 00024b: 10 03 | call 3 <i64.no_fold_f64_u> 00024d: d0 6f | ref.null extern 00024f: 41 bc e2 f1 fe 7a | i32.const 2950459708 000255: fc 0f 01 | table.grow 1 <------------- Grow table by ~3 billion entries 000258: 11 06 00 | call_indirect 6 0 <------------- Trap with oob table access
Adding the entries from that
table.grow
instruction will allocate about2950459708 * 8 = 23603677664 = 0x57EE389E0 bytes
which is pretty close to the amount you see in the failed allocation. So I assume your setup just isn't allowing WSL to allocate that much?
Anyway, there's nothing in the spec that prevents a table from growing this large, so it seems perfectly reasonable for
wasm-interp
to handle the request. I'd think a user that's concerned about possible DOS attacks would check Wasms to ensure tables and memories have a reasonable maximum size (or modify them to add maximum sizes) before executing.
Thanks for your reply @adamrk, that's a fair point. I shall not consider this kind of issue as bug ๐ค .
from wabt.
Related Issues (20)
- Error using wasm2wat on a wasm file generated by Moonbit: "unexpected type form (got -0x30)" HOT 1
- Out-of-Memory Program Abort in BinaryReaderInterp::OnDataCount()
- Invalid Memory Read in FreeList<wabt::interp::Object*>::IsUsed()
- error initializing module: invalid import "a.a" HOT 1
- Error while running testsuite (simd_lane, simd_load) "loop not vectorized" HOT 3
- wasm2wat: support component wasm HOT 1
- Wrong type error when validating globals with gc proposal features
- wat2wasm: Assertion `!"ParseExpr should only be called when IsExpr() is true"' failed in wabt::WastParser::ParseExpr
- Wast2Json fails on the testsuite HOT 8
- Library not loaded: /usr/local/opt/openssl@3/lib/libcrypto.3.dylib HOT 8
- Missing Import when running global.wast HOT 1
- `wast2json` miscompiles "if.wast" from the specification tests HOT 4
- Build failed on Apple Silicon platform HOT 4
- [wasm2c] Strange issue with double parsing in msvc HOT 5
- wasm2c compiling minimal example issues HOT 1
- [wasm2c] catching traps without exception runtime
- โpicosha2.hโ: No such file or directory HOT 2
- Allocator is out of memory in wasm-interp HOT 3
- Invalid Read Memory in wabt::interp HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from wabt.