Test metadata slice len before accessing to prevent panic

wasmerio · Aug 23, 2022 · e2daf4f · e2daf4f
1 parent ec95964
commit e2daf4f
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 1 deletion.
diff --git a/lib/compiler/src/engine/artifact.rs b/lib/compiler/src/engine/artifact.rs
@@ -116,9 +116,32 @@ impl Artifact {
                 "The provided bytes are not wasmer-universal".to_string(),
             ));
         }
+
+        if bytes.len() < ArtifactBuild::MAGIC_HEADER.len() {
+            return Err(DeserializeError::InvalidByteLength {
+                expected: ArtifactBuild::MAGIC_HEADER.len(),
+                got: bytes.len(),
+            });
+        }
+
         let bytes = &bytes[ArtifactBuild::MAGIC_HEADER.len()..];
         let metadata_len = MetadataHeader::parse(bytes)?;
-        let metadata_slice: &[u8] = &bytes[MetadataHeader::LEN..][..metadata_len];
+        if bytes.len() < MetadataHeader::LEN {
+            return Err(DeserializeError::InvalidByteLength {
+                expected: MetadataHeader::LEN,
+                got: bytes.len(),
+            });
+        }
+
+        let metadata_slice: &[u8] = &bytes[MetadataHeader::LEN..];
+        if metadata_slice.len() < metadata_len {
+            return Err(DeserializeError::InvalidByteLength {
+                expected: metadata_len + MetadataHeader::LEN,
+                got: bytes.len(),
+            });
+        }
+
+        let metadata_slice: &[u8] = &metadata_slice[..metadata_len];
         let serializable = SerializableModule::deserialize(metadata_slice)?;
         let artifact = ArtifactBuild::from_serializable(serializable);
         let mut inner_engine = engine.inner_mut();

diff --git a/lib/types/src/error.rs b/lib/types/src/error.rs
@@ -35,6 +35,14 @@ pub enum DeserializeError {
     /// trying to allocate the required resources.
     #[error(transparent)]
     Compiler(#[from] CompileError),
+    /// Input artifact bytes have an invalid length
+    #[error("invalid input bytes: expected {expected} bytes, got {got}")]
+    InvalidByteLength {
+        /// How many bytes were expected
+        expected: usize,
+        /// How many bytes the artifact contained
+        got: usize,
+    }
 }
 
 /// Error type describing things that can go wrong when operating on Wasm Memories.