Comments (2)
After patching the binary:

```
cqwrteur@otsiningo:~/Libraries/fast_io/examples/0007.legacy$ clang++ -o construct_fstream_from_syscall construct_fstream_from_syscall.cc -s -flto=thin -std=c++26 -I../../include --target=wasm32-wasip1 --sysroot=/home/cqwrteur/toolchains/llvm/sysroots/wasm-sysroots/wasm-noeh-memtag-sysroot/wasm32-wasip1 -fno-exceptions -fno-rtti -Ofast -fsanitize=memtag
cqwrteur@otsiningo:~/Libraries/fast_io/examples/0007.legacy$ wavm run --enable memtag --mount-root . ./construct_fstream_from_syscall
Unix Timestamp:1718406476.713804722
Universe Timestamp:434602343147641676.713804722
UTC:2024-06-14T23:07:56.713804722Z
Local:2024-06-14T23:07:56.713804722Z Timezone:UTC
LLVM clang 19.0.0git ([email protected]:trcrsired/llvm-project.git e41af7174893dcae864e5046ea284948ae197f3b)
LLVM libc++ 190000
fstream.rdbuf():0xa0014ab4
FILE*:0xf0014d20
fd:5
cqwrteur@otsiningo:~/Libraries/fast_io/examples/0007.legacy$ clang++ -o construct_fstream_from_syscall construct_fstream_from_syscall.cc -s -flto=thin -std=c++26 -I../../include -Ofast -fsanitize=address,undefined -fuse-ld=mold
cqwrteur@otsiningo:~/Libraries/fast_io/examples/0007.legacy$ ./construct_fstream_from_syscall
Unix Timestamp:1718406535.528581469
Universe Timestamp:434602343147641735.528581469
UTC:2024-06-14T23:08:55.528581469Z
Local:2024-06-14T18:08:55.528581469-05:00 Timezone:EST
LLVM clang 19.0.0git ([email protected]:trcrsired/llvm-project.git e41af7174893dcae864e5046ea284948ae197f3b)
GNU C Library 2.39
GNU C++ Library 14 20240522
fstream.rdbuf():0x00007ffc23d7c988
FILE*:0x0000515000000080
fd:3
cqwrteur@otsiningo:~/Libraries/fast_io/examples/0007.legacy$ clang++ -o construct_fstream_from_syscall construct_fstream_from_syscall.cc -s -flto=thin -std=c++26 -I../../include -Ofast -fsanitize=address,undefined -fuse-ld=mold -stdlib=libc++
cqwrteur@otsiningo:~/Libraries/fast_io/examples/0007.legacy$ ./construct_fstream_from_syscall
Unix Timestamp:1718406589.09137612
Universe Timestamp:434602343147641789.09137612
UTC:2024-06-14T23:09:49.09137612Z
Local:2024-06-14T18:09:49.09137612-05:00 Timezone:EST
LLVM clang 19.0.0git ([email protected]:trcrsired/llvm-project.git e41af7174893dcae864e5046ea284948ae197f3b)
GNU C Library 2.39
LLVM libc++ 190000
fstream.rdbuf():0x00007ffcf702b668
FILE*:0x0000515000000080
fd:3
```
This demonstrates that the issue lies within wasi-libc, not my fast_io library. I recommend transitioning wasi libc to LLVM libc. The ease with which this bug occurs suggests there may be numerous security vulnerabilities in wasi libc from a statistical perspective. Modifying musl is unlikely to address it effectively. I propose involving LLVM developers in maintaining the libc.
Thank you for the bug report. The code you found is producing a null pointer dereference
wasi-libc/libc-top-half/musl/src/time/__tz.c
Lines 436 to 440 in 3184536