-
Notifications
You must be signed in to change notification settings - Fork 798
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(c-api) Trap's messages are always null terminated #2444
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
`wasm_trap_new` expects a `wasm_message_t`. It's a type alias to `wasm_name_t` with the exception that it represents a null-terminated string. When calling `wasm_trap_new`, no check was present to ensure the string was well-formed. That's a first issue. But in the best scenario, the string was correctly formed and was null-terminated. This string was transformed to a Rust `String` —with the null byte!— and passed to `RuntimeError`. Then in `wasm_trap_message`, another null byte was pushed at the end of the message. It's been introduced in wasmerio#1947. It results in a doubly-null-terminated string, which is incorrect. This patch does the following: 1. It checks that the string given to `wasm_trap_new` contains a null-terminated string or not, and will act accordingly. Note that it's possible to pass a non-null-terminated string, and it will still work because this detail is vicious. The idea is to get a well-formed `RuntimeError` in anycase. * If no null byte is found, the string is passed to `RuntimeError` as a valid Rust string, * If a null byte is found at the end of the string, a new string is passed to `RuntimeError` but without the final null byte, * If a null byte is found but not at the end, it's considered as an error, * If the string contains invalid UTF-8 bytes, it's considered as an error. 2. It updates `wasm_trap_message` to always add a null byte at the end of the returned owned string. 3. It adds test cases when passing a null-terminated or a non-null-terminated string to `wasm_trap_new` and to compare the results to `wasm_trap_message`.
Hywan
requested review from
jubianchi,
MarkMcCaskey and
syrusakbary
as code owners
June 25, 2021 11:26
bors try |
syrusakbary
approved these changes
Jun 25, 2021
Merging directly as bors already passed |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
wasm_trap_new
expects awasm_message_t
. It's a type alias towasm_name_t
with the exception that it represents a null-terminatedstring.
When calling
wasm_trap_new
, no check was present to ensure thestring was well-formed. That's a first issue. But in the best
scenario, the string was correctly formed and was
null-terminated. This string was transformed to a Rust
String
—withthe null byte!— and passed to
RuntimeError
.Then in
wasm_trap_message
, another null byte was pushed at the endof the message. It's been introduced in
#1947. It results in a
doubly-null-terminated string, which is incorrect.
This patch does the following:
wasm_trap_new
contains anull-terminated string or not, and will act accordingly. Note that
it's possible to pass a non-null-terminated string, and it will
still work because this detail is vicious. The idea is to get a
well-formed
RuntimeError
in anycase.RuntimeError
as a valid Rust string,
passed to
RuntimeError
but without the final null byte,error,
error.
wasm_trap_message
to always add a null byte at the endof the returned owned string.
non-null-terminated string to
wasm_trap_new
and to compare theresults to
wasm_trap_message
.It fixes #2439.
Review