Commit 1165e13c25

Jonathan Marler <johnnymarler@gmail.com>
2024-06-16 15:45:30
wasm2c: avoid indexing null pointer triggering undefined behavior
Using zig cc to compile and run wasm2c on zig.wasm on Windows triggers what appears to be a sanitizer crash. The FuncGen reuse array pointer is initialized to null and at some point it's resized to a length of zero, which triggers this code to execute:

    memcpy(&self->reuse[self->reuse_i], &self->reuse[reuse_top], sizeof(uint32_t) * reuse_n);

Given the current values, this equates to:

    memcpy(&(NULL)[0], &(NULL)[0], 0);

Taking the address of the first element of a null pointer doesn't trigger any actual runtime problem, since the pointer won't be dereferenced because we're passing 0 as the length to memcpy; however, it seems that the C spec considers indexing a null pointer to be undefined behavior even if you don't use the resulting value (or are just taking the address of an indexed pointer).
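The pattern the commit describes, written out as an added example (this is not code from the Zig project; the `ReuseStack` struct and the `reuse_*` functions are constructed for illustration and only mirror the shape of `FuncGen.reuse`): a growable array that starts as a NULL pointer, where a zero-length copy must not form `&data[i]` before the array has ever been allocated. The zero-byte `realloc` is also avoided, since `realloc(p, 0)` may return NULL without that being an out-of-memory condition.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the FuncGen reuse stack (not the project's struct):
 * a growable array of uint32_t whose pointer starts out NULL. */
struct ReuseStack {
    uint32_t *data;   /* NULL until the first non-empty reservation */
    uint32_t len;     /* allocated capacity, in entries */
    uint32_t top;     /* number of live entries */
};

/* Grow capacity to at least `needed` entries. Returns 0 on success, -1 on OOM.
 * A zero-length request returns early, so realloc(NULL, 0) is never issued
 * and its possibly-NULL result cannot be mistaken for an allocation failure. */
static int reuse_reserve(struct ReuseStack *s, uint32_t needed) {
    if (needed <= s->len) return 0;
    uint32_t *p = realloc(s->data, sizeof(uint32_t) * needed);
    if (p == NULL) return -1;
    s->data = p;
    s->len = needed;
    return 0;
}

/* Duplicate the `n` entries starting at index `from` onto the top of the stack.
 * As in the patched FuncGen_blockBegin, the memcpy and the pointer arithmetic
 * that forms its arguments only run when n != 0, so a NULL `data` is never
 * indexed, not even to compute an address that memcpy would ignore.
 * Returns 0 on success, -1 on a bad range or OOM. */
static int reuse_dup(struct ReuseStack *s, uint32_t from, uint32_t n) {
    if (from > s->top || n > s->top - from) return -1;   /* source must be live */
    if (reuse_reserve(s, s->top + n) != 0) return -1;
    if (n != 0) {
        memcpy(&s->data[s->top], &s->data[from], sizeof(uint32_t) * n);
        s->top += n;
    }
    return 0;
}

/* Exercises both the empty case (NULL data, zero length) and a real copy.
 * Returns 1 when every step behaves as expected, 0 otherwise. */
int reuse_demo(void) {
    struct ReuseStack s = { NULL, 0, 0 };

    /* Empty stack, zero-length duplicate: no allocation, no pointer indexing. */
    if (reuse_dup(&s, 0, 0) != 0 || s.data != NULL || s.top != 0) return 0;

    /* Three constructed entries, then duplicate the last two onto the top. */
    if (reuse_reserve(&s, 3) != 0) return 0;
    s.data[0] = 10; s.data[1] = 20; s.data[2] = 30; s.top = 3;
    if (reuse_dup(&s, 1, 2) != 0) return 0;

    int ok = s.top == 5 && s.data[3] == 20 && s.data[4] == 30;
    free(s.data);
    return ok;
}

int main(void) {
    printf("reuse_demo: %s\n", reuse_demo() ? "ok" : "FAILED");
    return reuse_demo() ? 0 : 1;
}
```

Building this with `-fsanitize=undefined` and removing the `if (n != 0)` guard reproduces the class of report the commit message refers to: the sanitizer flags the formation of `&s->data[0]` on a NULL pointer even though `memcpy` is handed a length of zero.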
1 parent 4558996
Changed files (1)
stage1/FuncGen.h
@@ -179,8 +179,10 @@ static void FuncGen_blockBegin(struct FuncGen *self, FILE *out, enum WasmOpcode
         self->reuse = realloc(self->reuse, sizeof(uint32_t) * self->reuse_len);
         if (self->reuse == NULL) panic("out of memory");
     }
-    memcpy(&self->reuse[self->reuse_i], &self->reuse[reuse_top], sizeof(uint32_t) * reuse_n);
-    self->reuse_i += reuse_n;
+    if (reuse_n != 0) {
+        memcpy(&self->reuse[self->reuse_i], &self->reuse[reuse_top], sizeof(uint32_t) * reuse_n);
+        self->reuse_i += reuse_n;
+    }
 }
 
 static enum WasmOpcode FuncGen_blockKind(const struct FuncGen *self, uint32_t label_idx) {
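Review bot: the new `if (reuse_n != 0)` block is only sufficient because `self->reuse` is NULL exactly when `reuse_n` is 0; if the two ever diverge, the same null indexing returns, so an `assert(self->reuse != NULL);` as the first line inside the branch (or a one-line comment stating that invariant) would document why the guard is enough. Separately, the `realloc` just above the hunk still runs with `sizeof(uint32_t) * self->reuse_len`, and the commit message says the array is resized to a length of zero: `realloc(NULL, 0)` may legitimately return NULL on some implementations, in which case the `panic("out of memory")` on the next line fires without any allocation having failed; skipping the realloc when the new length is zero would close that gap. Moving `self->reuse_i += reuse_n` into the branch is behaviour-preserving, since adding zero was a no-op.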