Allocator is out of memory in wasm-interp

[Messi-Q]

Version

commit 4beb525
Author: Peng Qian [email protected]
Date: Tue Jun 15:08:05 2024

Compile

cd wabt
mkdir build
cd build 
cmake -DCMAKE_CXX_FLAGS="-fsanitize=address -g" -DCMAKE_C_FLAGS="-fsanitize=address -g" -DCMAKE_EXE_LINKER_FLAGS="-fsanitize=address" ..
make

Reproduce

./wasm-interp id:000000,sig:06,src:003930+002671,op:splice,rep:4

ASAN Log

=================================================================
==1063496==ERROR: AddressSanitizer: allocator is out of memory trying to allocate 0x7212ffff68 bytes
    #0 0x7f2e26436587 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cc:104
    #1 0x56180d484ef8 in __gnu_cxx::new_allocator<wabt::interp::DataDesc>::allocate(unsigned long, void const*) /usr/include/c++/9/ext/new_allocator.h:114
    #2 0x56180d4828d6 in std::allocator_traits<std::allocator<wabt::interp::DataDesc> >::allocate(std::allocator<wabt::interp::DataDesc>&, unsigned long) /usr/include/c++/9/bits/alloc_traits.h:443
    #3 0x56180d47ed93 in std::_Vector_base<wabt::interp::DataDesc, std::allocator<wabt::interp::DataDesc> >::_M_allocate(unsigned long) /usr/include/c++/9/bits/stl_vector.h:343
    #4 0x56180d4f9fa9 in std::vector<wabt::interp::DataDesc, std::allocator<wabt::interp::DataDesc> >::reserve(unsigned long) /usr/include/c++/9/bits/vector.tcc:78
    #5 0x56180d4c97c9 in OnDataCount /home/peng/Documents/all_wasm_vm/new_version_test/wabt/src/interp/binary-reader-interp.cc:762
    #6 0x56180d5f9f36 in ReadDataCountSection /home/peng/Documents/all_wasm_vm/new_version_test/wabt/src/binary-reader.cc:2848
    #7 0x56180d5fba01 in ReadSections /home/peng/Documents/all_wasm_vm/new_version_test/wabt/src/binary-reader.cc:2971
    #8 0x56180d5fc4d0 in ReadModule /home/peng/Documents/all_wasm_vm/new_version_test/wabt/src/binary-reader.cc:3014
    #9 0x56180d5fca43 in wabt::ReadBinary(void const*, unsigned long, wabt::BinaryReaderDelegate*, wabt::ReadBinaryOptions const&) /home/peng/Documents/all_wasm_vm/new_version_test/wabt/src/binary-reader.cc:3032
    #10 0x56180d4e19d7 in wabt::interp::ReadBinaryInterp(std::basic_string_view<char, std::char_traits<char> >, void const*, unsigned long, wabt::ReadBinaryOptions const&, std::vector<wabt::Error, std::allocator<wabt::Error> >*, wabt::interp::ModuleDesc*) /home/peng/Documents/all_wasm_vm/new_version_test/wabt/src/interp/binary-reader-interp.cc:1614
    #11 0x56180d456d2d in ReadModule /home/peng/Documents/all_wasm_vm/new_version_test/wabt/src/tools/wasm-interp.cc:324
    #12 0x56180d4575c5 in ReadAndRunModule /home/peng/Documents/all_wasm_vm/new_version_test/wabt/src/tools/wasm-interp.cc:351
    #13 0x56180d457be0 in ProgramMain(int, char**) /home/peng/Documents/all_wasm_vm/new_version_test/wabt/src/tools/wasm-interp.cc:450
    #14 0x56180d457c92 in main /home/peng/Documents/all_wasm_vm/new_version_test/wabt/src/tools/wasm-interp.cc:456
    #15 0x7f2e25b37082 in __libc_start_main ../csu/libc-start.c:308

==1063496==HINT: if you don't care about these errors you may set allocator_may_return_null=1
SUMMARY: AddressSanitizer: out-of-memory ../../../../src/libsanitizer/asan/asan_new_delete.cc:104 in operator new(unsigned long)
==1063496==ABORTING

PoC

PoC

[tianstcht]

I don't found any wasm proposal about how to limit the count of section‘s member,

• If anyone found that, please provide some url and I will fix this OOM bug to match proposal.

So I think maybe there's no solution unless user own check, the same issues:

• 2396
• 2397

[sbc100]

What is id:000000,sig:06,src:003930+002671,op:splice,rep:4 ? Is that the name of a wasm file?

[sbc100]

I think this comes under implementation defined limits: https://webassembly.github.io/spec/core/appendix/implementation.html

We can/should define these limits in wabt.. but even with these limits in place its always possible the host might run out of memory, isn't it? e.g. if you run wasm-interp with a very low ulimit -m