
Memory Corruption Risk: Invalid READ in uvwasi_serdes_readv_ciovec_t during WASI Execution #858

Open
JulianWu520 opened this issue Aug 27, 2024 · 0 comments

Comments

@JulianWu520

Hi,

Running fizzy-wasi with poc2.wasm results in a segmentation fault due to an invalid memory READ in the uvwasi_serdes_readv_ciovec_t function, indicating a potential memory corruption issue.

Build:

```sh
mkdir build && cd build
cmake -DFIZZY_WASI=ON -DCMAKE_CXX_FLAGS="-fsanitize=address -g" -DCMAKE_C_FLAGS="-fsanitize=address -g" -DCMAKE_LINKER_FLAGS="-fsanitize=address" ..
cmake --build .
```

POC:

```
julianwu@RLab:~/Work/WebAssembly/fizzy/build/bin/crashes_output$ ../../../../fizzy-test/fizzy/build/bin/fizzy-wasi poc2.wasm
AddressSanitizer:DEADLYSIGNAL
=================================================================
==930395==ERROR: AddressSanitizer: SEGV on unknown address 0x631100014802 (pc 0x5643986a8428 bp 0x0fffa4a0afee sp 0x7ffd25057f10 T0)
==930395==The signal is caused by a READ memory access.
    #0 0x5643986a8428 in uvwasi_serdes_readv_ciovec_t (/home/julianwu/Work/WebAssembly/fizzy-test/fizzy/build/bin/fizzy-wasi+0xbf428)
    #1 0x564398604984 in fd_write /home/julianwu/Work/WebAssembly/fizzy-test/fizzy/tools/wasi/wasi.cpp:49
    #2 0x5643986267f4 in execute<false> /home/julianwu/Work/WebAssembly/fizzy-test/fizzy/lib/fizzy/execute.cpp:570
    #3 0x56439862aa59 in invoke_function<false> /home/julianwu/Work/WebAssembly/fizzy-test/fizzy/lib/fizzy/execute.cpp:540
    #4 0x56439862aa59 in execute<false> /home/julianwu/Work/WebAssembly/fizzy-test/fizzy/lib/fizzy/execute.cpp:665
    #5 0x564398636954 in fizzy::execute(fizzy::Instance&, unsigned int, fizzy::Value const*) /home/julianwu/Work/WebAssembly/fizzy-test/fizzy/lib/fizzy/execute.cpp:1626
    #6 0x564398605732 in fizzy::wasi::run(fizzy::wasi::UVWASI&, fizzy::Instance&, int, char const**, std::ostream&) /home/julianwu/Work/WebAssembly/fizzy-test/fizzy/tools/wasi/wasi.cpp:215
    #7 0x56439860bf56 in fizzy::wasi::run(std::basic_string_view<unsigned char, std::char_traits<unsigned char> >, int, char const**, std::ostream&) /home/julianwu/Work/WebAssembly/fizzy-test/fizzy/tools/wasi/wasi.cpp:232
    #8 0x56439860f142 in fizzy::wasi::load_and_run(int, char const**, std::ostream&) /home/julianwu/Work/WebAssembly/fizzy-test/fizzy/tools/wasi/wasi.cpp:241
    #9 0x564398602bd5 in main /home/julianwu/Work/WebAssembly/fizzy-test/fizzy/tools/wasi/main.cpp:19
    #10 0x7f432b285d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #11 0x7f432b285e3f in __libc_start_main_impl ../csu/libc-start.c:392
    #12 0x564398602e34 in _start (/home/julianwu/Work/WebAssembly/fizzy-test/fizzy/build/bin/fizzy-wasi+0x19e34)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/home/julianwu/Work/WebAssembly/fizzy-test/fizzy/build/bin/fizzy-wasi+0xbf428) in uvwasi_serdes_readv_ciovec_t
==930395==ABORTING
```

poc2.zip
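The trace above shows `fd_write` (wasi.cpp:49) handing the guest-supplied iovec pointer and count to `uvwasi_serdes_readv_ciovec_t`, which then faults on a READ outside linear memory. The following self-contained C++ is an added example, not fizzy's or uvwasi's code, of the host-side validation a WASI `fd_write` implementation needs before deserializing that array: it models linear memory as a byte vector, a ciovec as the 8-byte little-endian `{buf: u32, buf_len: u32}` pair, and performs an overflow-safe bounds check on the array and on every buffer it names. The `kErrFault` code, the helper names and the sample memory layout are all constructed for illustration.

```cpp
#include <cstdint>
#include <cstring>
#include <iostream>
#include <vector>

// Added example (not fizzy's or uvwasi's code): a hypothetical model of the
// bounds check a WASI host should perform on fd_write's guest-supplied
// (iovs, iovs_len) before reading the ciovec array out of linear memory.
// Linear memory is modelled as a byte vector; a ciovec is the 8-byte
// little-endian pair {buf: u32, buf_len: u32} used by WASI preview1.

constexpr size_t kCIOVecSize = 8;
constexpr int64_t kErrFault = -1;  // stands in for WASI EFAULT (hypothetical)

// Explicit little-endian decode/encode, independent of host endianness.
static uint32_t rd32(const std::vector<uint8_t>& mem, size_t off) {
    return uint32_t(mem[off]) | uint32_t(mem[off + 1]) << 8 |
           uint32_t(mem[off + 2]) << 16 | uint32_t(mem[off + 3]) << 24;
}

static void wr32(std::vector<uint8_t>& mem, size_t off, uint32_t v) {
    for (int i = 0; i < 4; ++i) mem[off + i] = uint8_t(v >> (8 * i));
}

// True iff [off, off + len) lies within mem_size. Uses 64-bit arithmetic so a
// guest-chosen off + len cannot wrap around and pass the check.
bool in_bounds(size_t mem_size, uint64_t off, uint64_t len) {
    return off <= mem_size && len <= mem_size - off;
}

// Validates the ciovec array and every buffer it names. Returns the total
// byte count fd_write would consume, or kErrFault; never reads outside mem.
int64_t checked_ciovec_bytes(const std::vector<uint8_t>& mem,
                             uint32_t iovs_ptr, uint32_t iovs_len) {
    if (!in_bounds(mem.size(), iovs_ptr, uint64_t(iovs_len) * kCIOVecSize))
        return kErrFault;  // the array itself is (partly) outside memory
    int64_t total = 0;
    for (uint32_t i = 0; i < iovs_len; ++i) {
        const size_t e = size_t(iovs_ptr) + size_t(i) * kCIOVecSize;
        const uint32_t buf = rd32(mem, e);
        const uint32_t buf_len = rd32(mem, e + 4);
        if (!in_bounds(mem.size(), buf, buf_len))
            return kErrFault;  // an individual buffer is outside memory
        total += buf_len;
    }
    return total;
}

// Constructed guest memory: one 64 KiB page holding two valid ciovecs at
// 0x100 followed by a third whose buffer overruns the end of the page.
std::vector<uint8_t> make_guest_memory() {
    std::vector<uint8_t> mem(65536, 0);
    std::memcpy(mem.data() + 0x200, "hello", 5);
    std::memcpy(mem.data() + 0x300, ", wasi\n", 7);
    wr32(mem, 0x100, 0x200);  wr32(mem, 0x104, 5);      // {0x200, 5}
    wr32(mem, 0x108, 0x300);  wr32(mem, 0x10c, 7);      // {0x300, 7}
    wr32(mem, 0x110, 0xFFF0); wr32(mem, 0x114, 0x100);  // overruns the page
    return mem;
}

int main() {
    const auto mem = make_guest_memory();
    std::cout << checked_ciovec_bytes(mem, 0x100, 2) << "\n";   // 12
    std::cout << checked_ciovec_bytes(mem, 0x100, 3) << "\n";   // -1 (bad buffer)
    std::cout << checked_ciovec_bytes(mem, 65532, 1) << "\n";   // -1 (array past end)
    std::cout << checked_ciovec_bytes(mem, 0xFFFFFFF0u, 0x20000000u) << "\n";  // -1 (would wrap)
    return 0;
}
```

The two checks are deliberately separate: the array range is validated once before any element is decoded, and each `{buf, buf_len}` pair is validated before it is used, so a count or pointer chosen to wrap past the end of linear memory is rejected rather than dereferenced.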
