wabt
Allocator is out of memory in wasm-interp
Version
commit 4beb525 Author: Peng Qian [email protected] Date: Tue Jun 15:08:05 2024
Compile
cd wabt
mkdir build
cd build
cmake -DCMAKE_CXX_FLAGS="-fsanitize=address -g" -DCMAKE_C_FLAGS="-fsanitize=address -g" -DCMAKE_EXE_LINKER_FLAGS="-fsanitize=address" ..
make
Reproduce
./wasm-interp id:000000,sig:06,src:003930+002671,op:splice,rep:4
ASAN Log
=================================================================
==1063496==ERROR: AddressSanitizer: allocator is out of memory trying to allocate 0x7212ffff68 bytes
#0 0x7f2e26436587 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cc:104
#1 0x56180d484ef8 in __gnu_cxx::new_allocator<wabt::interp::DataDesc>::allocate(unsigned long, void const*) /usr/include/c++/9/ext/new_allocator.h:114
#2 0x56180d4828d6 in std::allocator_traits<std::allocator<wabt::interp::DataDesc> >::allocate(std::allocator<wabt::interp::DataDesc>&, unsigned long) /usr/include/c++/9/bits/alloc_traits.h:443
#3 0x56180d47ed93 in std::_Vector_base<wabt::interp::DataDesc, std::allocator<wabt::interp::DataDesc> >::_M_allocate(unsigned long) /usr/include/c++/9/bits/stl_vector.h:343
#4 0x56180d4f9fa9 in std::vector<wabt::interp::DataDesc, std::allocator<wabt::interp::DataDesc> >::reserve(unsigned long) /usr/include/c++/9/bits/vector.tcc:78
#5 0x56180d4c97c9 in OnDataCount /home/peng/Documents/all_wasm_vm/new_version_test/wabt/src/interp/binary-reader-interp.cc:762
#6 0x56180d5f9f36 in ReadDataCountSection /home/peng/Documents/all_wasm_vm/new_version_test/wabt/src/binary-reader.cc:2848
#7 0x56180d5fba01 in ReadSections /home/peng/Documents/all_wasm_vm/new_version_test/wabt/src/binary-reader.cc:2971
#8 0x56180d5fc4d0 in ReadModule /home/peng/Documents/all_wasm_vm/new_version_test/wabt/src/binary-reader.cc:3014
#9 0x56180d5fca43 in wabt::ReadBinary(void const*, unsigned long, wabt::BinaryReaderDelegate*, wabt::ReadBinaryOptions const&) /home/peng/Documents/all_wasm_vm/new_version_test/wabt/src/binary-reader.cc:3032
#10 0x56180d4e19d7 in wabt::interp::ReadBinaryInterp(std::basic_string_view<char, std::char_traits<char> >, void const*, unsigned long, wabt::ReadBinaryOptions const&, std::vector<wabt::Error, std::allocator<wabt::Error> >*, wabt::interp::ModuleDesc*) /home/peng/Documents/all_wasm_vm/new_version_test/wabt/src/interp/binary-reader-interp.cc:1614
#11 0x56180d456d2d in ReadModule /home/peng/Documents/all_wasm_vm/new_version_test/wabt/src/tools/wasm-interp.cc:324
#12 0x56180d4575c5 in ReadAndRunModule /home/peng/Documents/all_wasm_vm/new_version_test/wabt/src/tools/wasm-interp.cc:351
#13 0x56180d457be0 in ProgramMain(int, char**) /home/peng/Documents/all_wasm_vm/new_version_test/wabt/src/tools/wasm-interp.cc:450
#14 0x56180d457c92 in main /home/peng/Documents/all_wasm_vm/new_version_test/wabt/src/tools/wasm-interp.cc:456
#15 0x7f2e25b37082 in __libc_start_main ../csu/libc-start.c:308
==1063496==HINT: if you don't care about these errors you may set allocator_may_return_null=1
SUMMARY: AddressSanitizer: out-of-memory ../../../../src/libsanitizer/asan/asan_new_delete.cc:104 in operator new(unsigned long)
==1063496==ABORTING
PoC
I haven't found any wasm proposal about how to limit the count of a section's members.
- If anyone has found one, please provide a URL and I will fix this OOM bug to match the proposal.
So I think maybe there's no solution unless users do their own checks, the same issues:
What is id:000000,sig:06,src:003930+002671,op:splice,rep:4 ? Is that the name of a wasm file?
I think this comes under implementation defined limits: https://webassembly.github.io/spec/core/appendix/implementation.html
We can/should define these limits in wabt.. but even with these limits in place it's always possible the host might run out of memory, isn't it? e.g. if you run wasm-interp with a very low ulimit -m
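The ASAN trace above shows OnDataCount passing the count declared in the data count section straight to std::vector::reserve. The following is an added example, not wabt's code or its fix, of checking a declared count against an implementation-defined limit and against the bytes actually left in the file before reserving; kMaxDataSegments, the DataDesc stand-in and OnDataCountChecked are assumptions made for this sketch.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical cap chosen for this example; wabt does not define it.
constexpr uint32_t kMaxDataSegments = 100000;

struct DataDesc { std::vector<uint8_t> bytes; };  // stand-in, not wabt's type

// Decode an unsigned LEB128 u32 at *pos; advances *pos, false on bad input.
bool ReadU32Leb128(const std::vector<uint8_t>& buf, size_t* pos, uint32_t* out) {
  uint32_t result = 0;
  for (int shift = 0; shift < 35; shift += 7) {
    if (*pos >= buf.size()) return false;            // truncated input
    uint8_t byte = buf[(*pos)++];
    if (shift == 28 && (byte & 0xf0)) return false;  // does not fit in 32 bits
    result |= static_cast<uint32_t>(byte & 0x7f) << shift;
    if (!(byte & 0x80)) { *out = result; return true; }
  }
  return false;
}

// Validate the declared count before reserving; `pos` is the offset of the
// data count section payload inside `module`.
bool OnDataCountChecked(const std::vector<uint8_t>& module, size_t pos,
                        std::vector<DataDesc>* datas) {
  uint32_t count = 0;
  if (!ReadU32Leb128(module, &pos, &count)) return false;
  size_t remaining = module.size() - pos;
  // Each data segment takes at least one byte, so a count above the bytes
  // left in the file cannot match any data section that follows.
  if (count > kMaxDataSegments || count > remaining) return false;
  datas->reserve(count);
  return true;
}

int main() {
  std::vector<DataDesc> datas;
  // Constructed payloads: count 0xffffffff with nothing after it, then
  // count 2 followed by four more bytes.
  std::vector<uint8_t> huge = {0xff, 0xff, 0xff, 0xff, 0x0f};
  std::vector<uint8_t> ok = {0x02, 0x01, 0x00, 0x01, 0x00};
  std::printf("huge: %d\n", OnDataCountChecked(huge, 0, &datas));
  std::printf("ok: %d\n", OnDataCountChecked(ok, 0, &datas));
  return 0;
}
```

The remaining-bytes check ties the reservation to the input size, so a few bytes of input can no longer request an allocation of many gigabytes; it does not remove the host-side limit the last comment mentions.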