Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[crash] assertion failed in wasmtime_debug::transform::simulate::generate_simulated_dwarf #1506

Closed
pventuzelo opened this issue Apr 14, 2020 · 1 comment · Fixed by #1507
Closed

[crash] assertion failed in wasmtime_debug::transform::simulate::generate_simulated_dwarf #1506

pventuzelo opened this issue Apr 14, 2020 · 1 comment · Fixed by #1507
Labels
bug Incorrect behavior in the current implementation that needs fixing

Comments

@pventuzelo
Copy link
Contributor

pventuzelo commented Apr 14, 2020
edited
Loading

Description

I found a reachable assertion (CWE-617) during fuzzing wasmtime with cranelift backend and almost all features enabled in the config (specifically config.debug_info(true)). The bug seems to be related to generation of DWARF debugging.

Maybe related to #1489
@yurydelendik

Crash

./target/debug/debug_wasmtime_all_cranelift assert_wasmtime_debug_simulated_dwarf.wasm 
Start debugging of wasmtime_all_cranelift
file_to_process: "assert_wasmtime_debug_simulated_dwarf.wasm"
thread 'main' panicked at 'assertion failed: !bytes.contains(&0)', <::std::macros::panic macros>:2:4
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace.

What are the steps to reproduce the issue?

Download the crashing file:
assert_wasmtime_debug_simulated_dwarf.zip

Testing piece of code:

    use wasmtime::{Config, Engine, Module, Store, Strategy};

    // read data from provided file
    let data = read_contents_from_path(&args[1]).expect("cannot read file content");
    
    let mut config = Config::new();
    match config.strategy(Strategy::Cranelift) {
        Ok(o) => o,
        _ => return,
    };

    config
        .debug_info(true)
        .wasm_threads(true)
        .wasm_reference_types(true)
        .wasm_simd(true)
        .wasm_bulk_memory(true)
        .wasm_multi_value(true);

    let store = Store::new(&Engine::new(&config));
    let _module = Module::from_binary(&store, &data);
}

Which Wasmtime version / commit hash / branch are you using?

crates version: wasmtime = "0.15"

BACKTRACE

RUST_BACKTRACE=1 ./target/debug/debug_wasmtime_all_cranelift assert_wasmtime_debug_simulated_dwarf.wasm
file_to_process: "assert_wasmtime_debug_simulated_dwarf.wasm"
thread 'main' panicked at 'assertion failed: !bytes.contains(&0)', <::std::macros::panic macros>:2:4
stack backtrace:
   0: backtrace::backtrace::libunwind::trace
             at /cargo/registry/src/git.luolix.top-1ecc6299db9ec823/backtrace-0.3.40/src/backtrace/libunwind.rs:88
[...]
  11: std::panicking::begin_panic
             at /rustc/85976442558bf2d09cec3aa49c9c9ba86fb15c1f/src/libstd/panicking.rs:390
  12: gimli::write::str::StringTable::add
             at /home/scop/.cargo/registry/src/git.luolix.top-1ecc6299db9ec823/wasmtime-debug-0.15.0/<::std::macros::panic macros>:2
==>  13: wasmtime_debug::transform::simulate::generate_simulated_dwarf
==>             at /home/scop/.cargo/registry/src/git.luolix.top-1ecc6299db9ec823/wasmtime-debug-0.15.0/src/transform/simulate.rs:293
==>  14: wasmtime_debug::transform::transform_dwarf
==>             at /home/scop/.cargo/registry/src/git.luolix.top-1ecc6299db9ec823/wasmtime-debug-0.15.0/src/transform/mod.rs:107
==>  15: wasmtime_debug::emit_debugsections_image
==>             at /home/scop/.cargo/registry/src/git.luolix.top-1ecc6299db9ec823/wasmtime-debug-0.15.0/src/lib.rs:82
  16: wasmtime_jit::compiler::Compiler::compile
             at /home/scop/.cargo/registry/src/git.luolix.top-1ecc6299db9ec823/wasmtime-jit-0.15.0/src/compiler.rs:215
  17: wasmtime_jit::instantiate::RawCompiledModule::new
             at /home/scop/.cargo/registry/src/git.luolix.top-1ecc6299db9ec823/wasmtime-jit-0.15.0/src/instantiate.rs:83
  18: wasmtime_jit::instantiate::CompiledModule::new
             at /home/scop/.cargo/registry/src/git.luolix.top-1ecc6299db9ec823/wasmtime-jit-0.15.0/src/instantiate.rs:154
  19: wasmtime::module::Module::compile
             at /home/scop/.cargo/registry/src/git.luolix.top-1ecc6299db9ec823/wasmtime-0.15.0/src/module.rs:366
  20: wasmtime::module::Module::from_binary_unchecked
             at /home/scop/.cargo/registry/src/git.luolix.top-1ecc6299db9ec823/wasmtime-0.15.0/src/module.rs:335
  21: wasmtime::module::Module::from_binary
             at /home/scop/.cargo/registry/src/git.luolix.top-1ecc6299db9ec823/wasmtime-0.15.0/src/module.rs:304
[...]
  32: main
  33: __libc_start_main
  34: _start
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
@pventuzelo pventuzelo added the bug Incorrect behavior in the current implementation that needs fixing label Apr 14, 2020
@yurydelendik yurydelendik mentioned this issue Apr 14, 2020
Merged
@yurydelendik
Copy link
Contributor

Thank you for the report!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Incorrect behavior in the current implementation that needs fixing
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Check .debug_str data that is not from DWARF yurydelendik/wasmtime
2 participants
@yurydelendik @pventuzelo