libc-wasi: add missing pointer validations to socket functions #4611
Conversation
cf. bytecodealliance#4463 the fix for sock_addr_resolve is incomplete. cf. bytecodealliance#4610
yamt
requested review from
TianlongLiang,
loganek,
lum1n0us,
no1wudi,
wenyongh and
xujuntwt95329
as code owners
lum1n0us
left a comment
lum1n0us
left a comment
There was a problem hiding this comment.
The code is fine, but I'm uncertain about the intention. While there's a possibility of being out of the sandbox, most pointers target local variables in guest language functions. Anyway, safety comes first, so I'm okay with merging it.
lum1n0us
added
the
enhancement
i'm not sure what you mean. |
malicious (or, innocent-but-buggy) guest programs can access host memory past the end of its linear memory. |
Can't argue with that. 😆 |
…odealliance#4611) cf. bytecodealliance#4463 the fix for sock_addr_resolve is incomplete. cf. bytecodealliance#4610
#4665) * libc-wasi: add missing pointer validations to socket functions (#4611) cf. #4463 the fix for sock_addr_resolve is incomplete. cf. #4610 * Sync from main branch - wasi_sock_recv doesn't use src_addr - check src_addr before coverting * CI: use windows-2022 image for now (#4633) github is currently rolling out windows-2025 image. for some reasons, the "path_symlink_trailing_slashes" test case in wasi testsuite fails on windows-2025 image. someone familar with windows need to investigate what was the key difference between 2022 and 2025. until that happens, this commit makes our CI use windows-2022 image. cf. #4632 actions/runner-images#12677 --------- Co-authored-by: YAMAMOTO Takashi <[email protected]>
…odealliance#4611) cf. bytecodealliance#4463 the fix for sock_addr_resolve is incomplete. cf. bytecodealliance#4610
3 participants
cf. #4463
the fix for sock_addr_resolve is incomplete.
cf. #4610