
More strictly check bounds in FACT trampolines #13027

Merged
alexcrichton merged 1 commit intobytecodealliance:mainfrom
alexcrichton:harden-strings
Apr 9, 2026

Conversation

@alexcrichton
Member

Note: this is temporarily rebased on #13026

This commit is a hardening of the various in-bounds checks and such of
the FACT compiler, in particular as related to strings. The previous
implementation would check bounds in a few places but this was a bit
ad-hoc and not uniformly done. There's no known issue with the prior
checks, but given the sensitive nature of these checks I feel it's best
to make this a bit more rigorous.

Specifically the `malloc` helpers, and a newly added `realloc` helper,
will internally verify not only alignment but additionally the size of
the allocation itself. All manual invocations of `realloc` are switched
over to this helper. Additionally all conversion of a guest pointer to a
more structured value now additionally goes through helpers which
perform these same checks to ensure that everything is in-bounds.

The net result is that this should have no behavior change from before.
A suite of tests is added for behavior around large strings,
specifically exercising the maximum allowable size of strings. This
uncovered a few minor issues in transcoding where spec-wise Wasmtime
previously transcoded too many bytes before performing a
growing `realloc`.

Finally a few refactorings were done in FACT to handle some helpers
going away, notably around translating the `map<K, V>` type, which
cleans up the internals as well.

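The kind of uniform check the description above calls for, as an added example that is not Wasmtime's FACT code: one helper validates alignment, size arithmetic and the final bound, and every guest pointer (a string, a `realloc` result) is funnelled through it. The `Memory` stand-in, the function names and the use of 64-bit arithmetic for all pointer/length math are assumptions made here for illustration.

```rust
// Added example, not Wasmtime's own code: a single in-bounds check that a
// guest pointer must pass before it is turned into a structured value or
// written through. Names and the memory model are illustrative assumptions.

/// Why a guest pointer/length pair was rejected.
#[derive(Debug, PartialEq, Eq)]
pub enum BoundsError {
    Misaligned { ptr: u64, align: u64 },
    /// `count * elem_size` or `ptr + byte_len` wrapped around.
    Overflow,
    OutOfBounds { end: u64, memory_len: u64 },
}

/// A linear memory described only by its current byte length
/// (constructed stand-in; real code would also hold the bytes).
pub struct Memory {
    pub len: u64,
}

/// Validate that `count` elements of `elem_size` bytes starting at `ptr`,
/// aligned to `align`, lie entirely inside `memory`.
///
/// Every arithmetic step is checked so that a large `count * elem_size`
/// cannot wrap to a small value and slip past the final comparison.
pub fn check_in_bounds(
    memory: &Memory,
    ptr: u64,
    count: u64,
    elem_size: u64,
    align: u64,
) -> Result<(), BoundsError> {
    debug_assert!(align.is_power_of_two());
    if ptr % align != 0 {
        return Err(BoundsError::Misaligned { ptr, align });
    }
    let byte_len = count.checked_mul(elem_size).ok_or(BoundsError::Overflow)?;
    let end = ptr.checked_add(byte_len).ok_or(BoundsError::Overflow)?;
    if end > memory.len {
        return Err(BoundsError::OutOfBounds { end, memory_len: memory.len });
    }
    Ok(())
}

/// Validate the pointer a guest `realloc` returned before anything is
/// written through it: the block must be aligned and hold `new_size` bytes.
pub fn check_realloc_result(
    memory: &Memory,
    new_ptr: u64,
    new_size: u64,
    align: u64,
) -> Result<(), BoundsError> {
    check_in_bounds(memory, new_ptr, new_size, 1, align)
}

/// Validate a guest string given as (pointer, length in code units).
/// UTF-16 strings use 2-byte units with 2-byte alignment; UTF-8 and latin1
/// strings use 1-byte units.
pub fn check_string(
    memory: &Memory,
    ptr: u64,
    units: u64,
    utf16: bool,
) -> Result<(), BoundsError> {
    let (elem_size, align) = if utf16 { (2, 2) } else { (1, 1) };
    check_in_bounds(memory, ptr, units, elem_size, align)
}

fn main() {
    // Constructed 64 KiB memory: the largest possible byte string fits
    // exactly, while a UTF-16 string of the same unit count does not.
    let mem = Memory { len: 1 << 16 };
    println!("{:?}", check_string(&mem, 0, 1 << 16, false));
    println!("{:?}", check_string(&mem, 1 << 15, 1 << 15, true));
    println!("{:?}", check_string(&mem, 1, 100, true));
}
```

The point of routing both the string conversion and the `realloc` result through `check_in_bounds` is that the overflow and alignment cases are handled in one place; a caller that computes `ptr + len` itself, even once, is where an ad-hoc check goes wrong.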
@alexcrichton alexcrichton requested review from a team as code owners April 9, 2026 20:53
@alexcrichton alexcrichton requested review from cfallin and uweigand and removed request for a team April 9, 2026 20:53
@cfallin cfallin enabled auto-merge April 9, 2026 21:00
@cfallin cfallin added this pull request to the merge queue Apr 9, 2026
@alexcrichton alexcrichton removed this pull request from the merge queue due to a manual request Apr 9, 2026
@alexcrichton alexcrichton enabled auto-merge April 9, 2026 21:25
@alexcrichton alexcrichton added this pull request to the merge queue Apr 9, 2026
Merged via the queue into bytecodealliance:main with commit dd2dd8d Apr 9, 2026
48 checks passed
@alexcrichton alexcrichton deleted the harden-strings branch April 9, 2026 22:12
alexcrichton added a commit to alexcrichton/wasmtime that referenced this pull request Apr 12, 2026
This was originally included in bytecodealliance#12972 but was accidentally lost during
the refactorings of bytecodealliance#13027. This re-adds it back in.
github-merge-queue Bot pushed a commit that referenced this pull request Apr 13, 2026
This was originally included in #12972 but was accidentally lost during
the refactorings of #13027. This re-adds it back in.