Bug 1736171 - Update wasm2c fork to fix hunspell crash when accessing top half of heap r=bholley FIREFOX_BETA_95_BASE
authorshravanrn@gmail.com <shravanrn@gmail.com>
Sun, 31 Oct 2021 21:28:06 +0000
changeset 597503 ec54c35cb3bd993fc91f6bd11635b0b0c2229c6a
parent 597502 7270f00ee9ac3b4af75fc51a8d2be14190107687
child 597504 1379da0937ff9ae8aff8042fed31103dcd0bf13b
child 597810 deb39133bebeaa97d984b918966ce9b57a9b3098
push idunknown
push userunknown
push dateunknown
reviewersbholley
bugs1736171
milestone95.0a1
Bug 1736171 - Update wasm2c fork to fix hunspell crash when accessing top half of heap r=bholley Differential Revision: https://phabricator.services.mozilla.com/D129976
config/external/wasm2c_sandbox_compiler/moz.yaml
third_party/wasm2c/src/prebuilt/wasm2c.include.c
third_party/wasm2c/src/wasm2c.c.tmpl
third_party/wasm2c/wasm2c/wasm-rt-impl.c
third_party/wasm2c/wasm2c/wasm-rt.h
--- a/config/external/wasm2c_sandbox_compiler/moz.yaml
+++ b/config/external/wasm2c_sandbox_compiler/moz.yaml
@@ -4,18 +4,18 @@ bugzilla:
   product: Core
   component: "General"
 
 origin:
   name: wasm2c_sandbox_compiler
   description: wasm2c fork used for rlbox sandboxing
   url: https://github.com/PLSysSec/wasm2c_sandbox_compiler
 
-  release: commit 247bd88bd77f07e3447ee168ed26d815de47b077 (2021-10-26T04:00:27Z).
-  revision: 247bd88bd77f07e3447ee168ed26d815de47b077
+  release: commit cd4b501b775244535603baa22c349bf0e3d11844 (2021-10-31T04:46:54Z).
+  revision: cd4b501b775244535603baa22c349bf0e3d11844
 
   license: Apache-2.0
   license-file: LICENSE
 
 vendoring:
   url: https://github.com/PLSysSec/wasm2c_sandbox_compiler.git
   source-hosting: github
   vendor-directory: third_party/wasm2c
--- a/third_party/wasm2c/src/prebuilt/wasm2c.include.c
+++ b/third_party/wasm2c/src/prebuilt/wasm2c.include.c
@@ -82,17 +82,17 @@ const char SECTION_NAME(declarations)[] 
 "#ifdef WASM_USE_GUARD_PAGES\n"
 "#  define MEMCHECK(mem, a, t)\n"
 "#else\n"
 "#  define MEMCHECK(mem, a, t) if (UNLIKELY((a) + sizeof(t) > mem->size)) { (void) TRAP(OOB); }\n"
 "#endif\n"
 "\n"
 "#if defined(WASM_USE_GUARD_PAGES) && UINTPTR_MAX == 0xffffffff\n"
 "// on 32-bit platforms we have to mask memory access into range\n"
-"#  define MEM_ACCESS_REF(mem, addr) &mem->data[addr & 0x7fffff]\n"
+"#  define MEM_ACCESS_REF(mem, addr) &mem->data[addr & WASM_HEAP_MASK]\n"
 "#else\n"
 "#  define MEM_ACCESS_REF(mem, addr) &mem->data[addr]\n"
 "#endif\n"
 "\n"
 "#if defined(WASM_USING_GLOBAL_HEAP)\n"
 "#  undef MEM_ACCESS_REF\n"
 "#  define MEM_ACCESS_REF(mem, addr) (char*) addr\n"
 "#endif\n"
--- a/third_party/wasm2c/src/wasm2c.c.tmpl
+++ b/third_party/wasm2c/src/wasm2c.c.tmpl
@@ -79,17 +79,17 @@
 #ifdef WASM_USE_GUARD_PAGES
 #  define MEMCHECK(mem, a, t)
 #else
 #  define MEMCHECK(mem, a, t) if (UNLIKELY((a) + sizeof(t) > mem->size)) { (void) TRAP(OOB); }
 #endif
 
 #if defined(WASM_USE_GUARD_PAGES) && UINTPTR_MAX == 0xffffffff
 // on 32-bit platforms we have to mask memory access into range
-#  define MEM_ACCESS_REF(mem, addr) &mem->data[addr & 0x7fffff]
+#  define MEM_ACCESS_REF(mem, addr) &mem->data[addr & WASM_HEAP_MASK]
 #else
 #  define MEM_ACCESS_REF(mem, addr) &mem->data[addr]
 #endif
 
 #if defined(WASM_USING_GLOBAL_HEAP)
 #  undef MEM_ACCESS_REF
 #  define MEM_ACCESS_REF(mem, addr) (char*) addr
 #endif
--- a/third_party/wasm2c/wasm2c/wasm-rt-impl.c
+++ b/third_party/wasm2c/wasm2c/wasm-rt-impl.c
@@ -195,16 +195,20 @@ void wasm_rt_cleanup_func_types(wasm_fun
 #define WASM_PAGE_SIZE 65536
 
 #if UINTPTR_MAX == 0xffffffffffffffff
 // Reserve 8GiB, aligned to 4GB, max heap is 4GB
 # define WASM_HEAP_GUARD_PAGE_ALIGNMENT 0x100000000ull
 # define WASM_HEAP_RESERVE_SIZE 0x200000000ull
 # define WASM_HEAP_MAX_ALLOWED_PAGES 65536
 #elif UINTPTR_MAX == 0xffffffff
+// Check that the mask used is consistent with the below values
+# if WASM_HEAP_MASK != 0xffffff
+#   error "WASM_HEAP_MASK has an unexpected value compared to the expected value"
+# endif
 // Reserve 16MB, unaligned, max heap is 16MB
 # define WASM_HEAP_GUARD_PAGE_ALIGNMENT 0
 # define WASM_HEAP_RESERVE_SIZE 0x1000000ul
 # ifdef WASM_USE_INCREMENTAL_MOVEABLE_MEMORY_ALLOC
 #   define WASM_HEAP_MAX_ALLOWED_PAGES 65536
 # else
 #   define WASM_HEAP_MAX_ALLOWED_PAGES 256
 # endif
--- a/third_party/wasm2c/wasm2c/wasm-rt.h
+++ b/third_party/wasm2c/wasm2c/wasm-rt.h
@@ -138,16 +138,22 @@ typedef struct {
   /** The current size of the linear memory, in bytes. */
   uint32_t size;
 
 #if defined(WASM_CHECK_SHADOW_MEMORY)
   wasm2c_shadow_memory_t shadow_memory;
 #endif
 } wasm_rt_memory_t;
 
+// Wasm's 32-bit implementation uses masking.
+#if UINTPTR_MAX == 0xffffffff
+// Set the mask for 16MB
+# define WASM_HEAP_MASK 0xffffff
+#endif
+
 /** A Table object. */
 typedef struct {
   /** The table element data, with an element count of `size`. */
   wasm_rt_elem_t* data;
   /** The maximum element count of this Table object. If there is no maximum,
    * `max_size` is 0xffffffffu (i.e. UINT32_MAX). */
   uint32_t max_size;
   /** The current element count of the table. */