From 076d3507105aa389e30c666b6c97318a914f246e Mon Sep 17 00:00:00 2001 From: Christoph Herzog Date: Fri, 31 Mar 2023 11:57:36 +0200 Subject: [PATCH] Switch wasi module cache and CLI to use validated module deserialization Prevents undefined behaviour when loading modules. This is a much saner/safer default option, since loading modules without validation can cause UB and segfaults. --- lib/cli/src/commands/run.rs | 2 +- lib/wasi/src/bin_factory/module_cache.rs | 10 +++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/lib/cli/src/commands/run.rs b/lib/cli/src/commands/run.rs index 7a795ef86ef..a8027e7e399 100644 --- a/lib/cli/src/commands/run.rs +++ b/lib/cli/src/commands/run.rs @@ -427,7 +427,7 @@ impl RunWithPathBuf { if wasmer_compiler::Artifact::is_deserializable(&contents) { let engine = wasmer_compiler::EngineBuilder::headless(); let store = Store::new(engine); - let module = unsafe { Module::deserialize_from_file(&store, &self.path)? }; + let module = Module::deserialize_from_file_checked(&store, &self.path)?; return Ok((store, module)); } let (store, compiler_type) = self.store.get_store()?; diff --git a/lib/wasi/src/bin_factory/module_cache.rs b/lib/wasi/src/bin_factory/module_cache.rs index 0330bd0beef..6eff3d6eb73 100644 --- a/lib/wasi/src/bin_factory/module_cache.rs +++ b/lib/wasi/src/bin_factory/module_cache.rs @@ -230,7 +230,15 @@ impl ModuleCache { let module_bytes = bytes::Bytes::from(data); // Load the module - let module = unsafe { Module::deserialize(engine, &module_bytes[..]).unwrap() }; + let module = match Module::deserialize_checked(engine, &module_bytes[..]) { + Ok(m) => m, + Err(err) => { + tracing::error!( + "failed to deserialize module with hash '{data_hash}': {err}" + ); + return None; + } + }; if let Some(cache) = &self.cached_modules { let mut cache = cache.write().unwrap();