LibWasm: Ensure that global.get only accesses imports in const exprs

mnek84 · Jun 18, 2024 · bd97091 · bd97091
1 parent 596dd52
commit bd97091
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/Userland/Libraries/LibWasm/AbstractMachine/AbstractMachine.cpp b/Userland/Libraries/LibWasm/AbstractMachine/AbstractMachine.cpp
@@ -206,6 +206,8 @@ InstantiationResult AbstractMachine::instantiate(Module const& module, Vector<Ex
     for (auto& entry : externs) {
         if (auto* ptr = entry.get_pointer<GlobalAddress>())
             auxiliary_instance.globals().append(*ptr);
+        else if (auto* ptr = entry.get_pointer<FunctionAddress>())
+            auxiliary_instance.functions().append(*ptr);
     }
 
     Vector<FunctionAddress> module_functions;
@@ -253,7 +255,7 @@ InstantiationResult AbstractMachine::instantiate(Module const& module, Vector<Ex
                 if (m_should_limit_instruction_count)
                     config.enable_instruction_count_limit();
                 config.set_frame(Frame {
-                    main_module_instance,
+                    auxiliary_instance,
                     Vector<Value> {},
                     entry,
                     entry.instructions().size(),
@@ -306,7 +308,7 @@ InstantiationResult AbstractMachine::instantiate(Module const& module, Vector<Ex
             if (m_should_limit_instruction_count)
                 config.enable_instruction_count_limit();
             config.set_frame(Frame {
-                main_module_instance,
+                auxiliary_instance,
                 Vector<Value> {},
                 active_ptr->expression,
                 1,
@@ -361,7 +363,7 @@ InstantiationResult AbstractMachine::instantiate(Module const& module, Vector<Ex
                     if (m_should_limit_instruction_count)
                         config.enable_instruction_count_limit();
                     config.set_frame(Frame {
-                        main_module_instance,
+                        auxiliary_instance,
                         Vector<Value> {},
                         data.offset,
                         1,

diff --git a/Userland/Libraries/LibWasm/AbstractMachine/BytecodeInterpreter.cpp b/Userland/Libraries/LibWasm/AbstractMachine/BytecodeInterpreter.cpp
@@ -728,6 +728,9 @@ void BytecodeInterpreter::interpret(Configuration& configuration, InstructionPoi
     }
     case Instructions::global_get.value(): {
         auto global_index = instruction.arguments().get<GlobalIndex>();
+        // This check here is for const expressions. In non-const expressions,
+        // a validation error would have been thrown.
+        TRAP_IF_NOT(global_index < configuration.frame().module().globals().size());
         auto address = configuration.frame().module().globals()[global_index.value()];
         dbgln_if(WASM_TRACE_DEBUG, "global({}) -> stack", address.value());
         auto global = configuration.store().get(address);