gxb-core
WASM serialization calls std::vector::resize(SIZE_MAX) which always leads to crash
100% crash.
file: libraries/wasm-jit/Source/WASM/WASMSerialization.cpp line: 384
OutputStream::capacity() always returns SIZE_MAX, so std::vector::resize(SIZE_MAX) always leads to a crash. Please comment it out. Thanks.

void serialize(OutputStream& stream,UserSection& userSection)
{
    userSection.data.resize( sectionStream.capacity() ? sectionStream.capacity() : 1 );
}
The latest WAVM source code has commented it out, but EOS and gxb-core don't synchronize with it yet. https://github.com/EOSIO/eos/blob/master/libraries/wasm-jit/Source/WASM/WASMSerialization.cpp
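As an added illustration of the failure mode described in this report (this is example code, not WAVM's or gxb-core's source): a constructed MockOutputStream whose capacity() returns SIZE_MAX is fed to a resize() in the same shape as the quoted line, which shows the std::length_error that goes uncaught in the original tool, and a checked_resize variant treats the requested size as untrusted and rejects it against an assumed 16 MiB section limit (kMaxSectionBytes) instead of throwing. The mock class, the limit and the helper names are assumptions of this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <new>
#include <stdexcept>
#include <vector>

// Constructed stand-in for the stream in the report: capacity() always
// returns SIZE_MAX. This mock is an assumption of this example, not the
// project's OutputStream class.
struct MockOutputStream {
    std::size_t capacity() const { return std::numeric_limits<std::size_t>::max(); }
};

enum class ResizeOutcome { Ok, LengthError, BadAlloc };

// Same shape as the line quoted in the report: the stream's capacity is used
// directly as a vector size. With a SIZE_MAX capacity the request exceeds
// vector::max_size(), so the standard library throws std::length_error before
// the allocator is even consulted; nothing catches it in the original tool,
// hence the core dump.
ResizeOutcome unchecked_resize(const MockOutputStream& stream) {
    std::vector<std::uint8_t> data;
    try {
        data.resize(stream.capacity() ? stream.capacity() : 1);
        return ResizeOutcome::Ok;
    } catch (const std::length_error&) {
        return ResizeOutcome::LengthError;
    } catch (const std::bad_alloc&) {
        return ResizeOutcome::BadAlloc;
    }
}

// Defensive counterpart (this example's own, not the project's fix): treat the
// requested size as untrusted input, cap it at a policy limit far below what
// the allocator could refuse, and report failure instead of throwing.
constexpr std::size_t kMaxSectionBytes = 16u * 1024u * 1024u; // assumed 16 MiB limit

bool checked_resize(std::vector<std::uint8_t>& data, std::size_t requested) {
    if (requested > kMaxSectionBytes) return false;   // over the policy limit
    if (requested > data.max_size()) return false;    // unrepresentable for this vector
    data.resize(requested);
    return true;
}

// Convenience wrapper: size of a fresh vector after a checked resize, or 0 if
// the request was rejected.
std::size_t checked_resize_size(std::size_t requested) {
    std::vector<std::uint8_t> data;
    return checked_resize(data, requested) ? data.size() : 0;
}

int main() {
    MockOutputStream stream;
    const bool threw_length_error = unchecked_resize(stream) == ResizeOutcome::LengthError;
    std::printf("unchecked resize(SIZE_MAX) threw length_error: %d\n", threw_length_error ? 1 : 0);
    std::printf("checked resize(SIZE_MAX) resulting size: %zu\n", checked_resize_size(stream.capacity()));
    std::printf("checked resize(4096) resulting size: %zu\n", checked_resize_size(4096));
    return 0;
}
```

The unchecked path throws deterministically on libstdc++ and libc++ because vector::max_size() is bounded by PTRDIFF_MAX, which is below SIZE_MAX; the checked path never lets a size derived from the stream reach the allocator unvalidated.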
Thanks a lot, can you also leave your gxchain account so we can send you the bug bounty for your contributions.
My gxchain account is z16166. Thanks.
Thank you very much!
Can you supply example code or a method which leads to a crash, to help us fix the problem ASAP?
Just build the target "gxc-wast2wasm" from gxb-core and run it; it will core dump. This tool is for WASM assembling.
command: gxc-wast2wasm gxb-core/libraries/wasm-jit/Test/fuzzy/address.wast ./address.wasm
Thank you very much for the great work you have done, @zhangbo-miuNEST.
Have you found that the "witness_node" crash is caused by this bug? (witness_node is the node program.) gxc-wast2wasm is a compilation tool. We first compile the cpp code into wasm bytecode and then deploy the wasm bytecode to the blockchain. The crash took place in the first phase. I haven't found any impact on the witness_node node. Are there more fuzz files or contracts?
No, witness_node is not affected.