wasm: fix async host functions that pass in bad parameters

If a guest passes a bad buffer, we could throw in args translation and that would cause a C++ exception to be risen into Rust over an FFI boundary, which is bad (TM) and causes a process abort. Signed-off-by: Tyler Rockwood <rockwood@redpanda.com>
redpanda-data · May 2, 2024 · 146adab · 146adab
1 parent a1a5b38
commit 146adab
Showing 1 changed file with 25 additions and 17 deletions.
diff --git a/src/v/wasm/wasmtime.cc b/src/v/wasm/wasmtime.cc
@@ -1090,23 +1090,31 @@ struct host_function<module_func> {
       memory* mem,
       std::span<const wasmtime_val_t> args,
       std::span<wasmtime_val_t> results) {
-        auto raw = to_raw_values(args);
-        auto host_params = ffi::extract_parameters<ArgTypes...>(mem, raw, 0);
-        using FutureType = typename ReturnType::value_type;
-        if constexpr (std::is_void_v<FutureType>) {
-            return ss::futurize_apply(
-              module_func,
-              std::tuple_cat(
-                std::make_tuple(host_module), std::move(host_params)));
-        } else {
-            return ss::futurize_apply(
-                     module_func,
-                     std::tuple_cat(
-                       std::make_tuple(host_module), std::move(host_params)))
-              .then([results](FutureType host_future_result) {
-                  results[0] = convert_to_wasmtime<FutureType>(
-                    host_future_result);
-              });
+        try {
+            auto raw = to_raw_values(args);
+            auto host_params = ffi::extract_parameters<ArgTypes...>(
+              mem, raw, 0);
+            using FutureType = typename ReturnType::value_type;
+            if constexpr (std::is_void_v<FutureType>) {
+                return std::apply(
+                  module_func,
+                  std::tuple_cat(
+                    std::make_tuple(host_module), std::move(host_params)));
+            } else {
+                return std::apply(
+                         module_func,
+                         std::tuple_cat(
+                           std::make_tuple(host_module),
+                           std::move(host_params)))
+                  .then([results](FutureType host_future_result) {
+                      // This is safe to write too because wasmtime ensures the
+                      // result is kept alive until the future completes.
+                      results[0] = convert_to_wasmtime<FutureType>(
+                        host_future_result);
+                  });
+            }
+        } catch (...) {
+            return ss::current_exception_as_future();
         }
     }