
Commit d4ce35c

cm-async: Cap read/write sizes on streams (#13086)
* cm-async: Cap read/write sizes on streams The spec mandates that stream operations cannot exceed `2**28` elements, but Wasmtime previously did not check for this limit. This meant that the guest could get silently corrupt answers when trying to operate on this many elements. This commit adds a new `ItemCount` newtype wrapper which is intended to be proof of an in-bounds count and then that's plumbed everywhere internally. Closes #13023 * Fix clippy * Update wit-bindgen dependency
1 parent d3aa8af commit d4ce35c


8 files changed

+267
-112
lines changed


Cargo.lock

Lines changed: 17 additions & 17 deletions

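--- a/Cargo.toml
+++ b/Cargo.toml
@@ -348,8 +348,8 @@ io-lifetimes = { version = "2.0.3", default-features = false }
 io-extras = "0.18.4"
 rustix = "1.0.8"
 # wit-bindgen:
-wit-bindgen = { version = "0.55.0", default-features = false }
-wit-bindgen-rust-macro = { version = "0.55.0", default-features = false }
+wit-bindgen = { version = "0.56.0", default-features = false }
+wit-bindgen-rust-macro = { version = "0.56.0", default-features = false }
 
 # wasm-tools family:
 wasmparser = { version = "0.246.2", default-features = false, features = ['simd'] }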

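--- a/crates/c-api/include/wasmtime/trap.h
+++ b/crates/c-api/include/wasmtime/trap.h
@@ -136,6 +136,8 @@ enum wasmtime_trap_code_enum {
 WASMTIME_TRAP_CODE_CONCURRENT_FUTURE_STREAM_OP = 45,
 /// A reference count (for e.g. an `error-context`) overflowed.
 WASMTIME_TRAP_CODE_REFERENCE_COUNT_OVERFLOW = 46,
+/// A read/write on a stream must be <2**28 items.
+WASMTIME_TRAP_CODE_STREAM_OP_TOO_BIG = 47,
 };
 
 /**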
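Review bot: The doc comment on the new `WASMTIME_TRAP_CODE_STREAM_OP_TOO_BIG` value states the limit as strictly less than 2**28 (`must be <2**28 items`), while the commit description says operations "cannot exceed `2**28` elements", which reads as an inclusive bound; one of the two is off by one at the boundary, and since this trap code is part of the public C API the comment is what embedders will rely on. The same wording is used on the `StreamOpTooBig` variant in crates/environ/src/trap_encoding.rs, so both should be adjusted together once the exact bound of the check behind `ItemCount` is confirmed. If the check is `count > 2**28`, the comment should read `/// A read/write on a stream must be <=2**28 items.`; if it is `count >= 2**28`, the comment is right and the description is loose. The enum itself continues outside the hunk.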

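--- a/crates/c-api/src/trap.rs
+++ b/crates/c-api/src/trap.rs
@@ -53,6 +53,7 @@ const _: () = {
 assert!(Trap::CannotResumeThread as u8 == 44);
 assert!(Trap::ConcurrentFutureStreamOp as u8 == 45);
 assert!(Trap::ReferenceCountOverflow as u8 == 46);
+assert!(Trap::StreamOpTooBig as u8 == 47);
 };
 
 #[repr(C)]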

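--- a/crates/environ/src/trap_encoding.rs
+++ b/crates/environ/src/trap_encoding.rs
@@ -223,6 +223,9 @@ generate_trap_type! {
 /// A reference count (for e.g. an `error-context`) overflowed.
 ReferenceCountOverflow = "reference count overflow",
 
+/// A read/write on a stream must be <2**28 items.
+StreamOpTooBig = "stream read/write count too large",
+
 // if adding a variant here be sure to update `trap.rs` and `trap.h` as
 // mentioned above
 }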
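Review bot: The trap message string for `StreamOpTooBig` (`"stream read/write count too large"`) does not tell the user what the limit is, unlike the doc comment directly above it, so a guest author who hits this trap has to find the source to learn the bound. Since this string is what surfaces in the trap error, consider `StreamOpTooBig = "stream read/write count must be less than 2**28 items",` so the diagnostic is self-explanatory. The `generate_trap_type!` invocation starts outside the hunk.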
