From 2538eae0f09ef6951365527d29de3ef2a99c127f Mon Sep 17 00:00:00 2001 From: "liang.he@intel.com" Date: Tue, 31 Dec 2024 08:30:25 +0000 Subject: [PATCH 1/2] Update CMakeLists.txt of fuzzing - enable software bound-check - enable wasi - disable libc builtin and multiple modules --- tests/fuzz/wasm-mutator-fuzz/CMakeLists.txt | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/tests/fuzz/wasm-mutator-fuzz/CMakeLists.txt b/tests/fuzz/wasm-mutator-fuzz/CMakeLists.txt index 356869d178..c8aed87e3c 100644 --- a/tests/fuzz/wasm-mutator-fuzz/CMakeLists.txt +++ b/tests/fuzz/wasm-mutator-fuzz/CMakeLists.txt @@ -66,13 +66,13 @@ if (NOT DEFINED WAMR_BUILD_JIT) endif () if (NOT DEFINED WAMR_BUILD_LIBC_BUILTIN) - # Enable libc builtin support by default + # Disable libc builtin support by default set (WAMR_BUILD_LIBC_BUILTIN 0) endif () if (NOT DEFINED WAMR_BUILD_LIBC_WASI) # Enable libc wasi support by default - set (WAMR_BUILD_LIBC_WASI 0) + set (WAMR_BUILD_LIBC_WASI 1) endif () if (NOT DEFINED WAMR_BUILD_FAST_INTERP) @@ -81,7 +81,7 @@ if (NOT DEFINED WAMR_BUILD_FAST_INTERP) endif () if (NOT DEFINED WAMR_BUILD_MULTI_MODULE) - # Enable multiple modules + # Disable multiple modules set (WAMR_BUILD_MULTI_MODULE 0) endif () @@ -116,6 +116,10 @@ if (WAMR_BUILD_DEBUG_INTERP EQUAL 1) set (WAMR_BUILD_SIMD 0) endif () +# sanitizer may use kHandleSignalExclusive to handle SIGSEGV +# like `UBSAN_OPTIONS=handle_segv=2:...` +set (WAMR_DISABLE_HW_BOUND_CHECK 1) + set (REPO_ROOT_DIR ${CMAKE_CURRENT_LIST_DIR}/../../..) message([ceith]:REPO_ROOT_DIR, ${REPO_ROOT_DIR}) From d12aeeb31dd898e053ff16f76933aaecec3abd89 Mon Sep 17 00:00:00 2001 From: "liang.he@intel.com" Date: Fri, 3 Jan 2025 05:59:44 +0000 Subject: [PATCH 2/2] Fix off-by-one error in result offset calculation for function calls --- core/iwasm/interpreter/wasm_interp_fast.c | 7 ++++--- tests/fuzz/wasm-mutator-fuzz/CMakeLists.txt | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/core/iwasm/interpreter/wasm_interp_fast.c b/core/iwasm/interpreter/wasm_interp_fast.c index 531468282f..f44644e456 100644 --- a/core/iwasm/interpreter/wasm_interp_fast.c +++ b/core/iwasm/interpreter/wasm_interp_fast.c @@ -1670,7 +1670,8 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module, { uint32 ret_idx; WASMFuncType *func_type; - uint32 off, ret_offset; + int32 off; + uint32 ret_offset; uint8 *ret_types; if (cur_func->is_import_func) func_type = cur_func->u.func_import->func_type; @@ -1682,9 +1683,9 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module, ret_offset = prev_frame->ret_offset; for (ret_idx = 0, - off = sizeof(int16) * (func_type->result_count - 1); + off = (int32)sizeof(int16) * (func_type->result_count - 1); ret_idx < func_type->result_count; - ret_idx++, off -= sizeof(int16)) { + ret_idx++, off -= (int32)sizeof(int16)) { if (ret_types[ret_idx] == VALUE_TYPE_I64 || ret_types[ret_idx] == VALUE_TYPE_F64) { PUT_I64_TO_ADDR(prev_frame->lp + ret_offset, diff --git a/tests/fuzz/wasm-mutator-fuzz/CMakeLists.txt b/tests/fuzz/wasm-mutator-fuzz/CMakeLists.txt index c8aed87e3c..6177d27e72 100644 --- a/tests/fuzz/wasm-mutator-fuzz/CMakeLists.txt +++ b/tests/fuzz/wasm-mutator-fuzz/CMakeLists.txt @@ -72,7 +72,7 @@ endif () if (NOT DEFINED WAMR_BUILD_LIBC_WASI) # Enable libc wasi support by default - set (WAMR_BUILD_LIBC_WASI 1) + set (WAMR_BUILD_LIBC_WASI 0) endif () if (NOT DEFINED WAMR_BUILD_FAST_INTERP)