From: Michael Knyszek Date: Thu, 2 Sep 2021 20:51:59 +0000 (-0400) Subject: CVE-2021-38297 X-Git-Tag: archive/raspbian/1.15.15-1_deb11u2+rpi1^2~4 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=04dd58fa59b28b9d2370844c31ef5ff7c14246de;p=golang-1.15.git CVE-2021-38297 Origin: backport, https://github.com/golang/go/commit/4548fcc8 Gbp-Pq: Name 0008-CVE-2021-38297.patch --- diff --git a/misc/wasm/wasm_exec.js b/misc/wasm/wasm_exec.js index 8501ae7c..b56f3f17 100644 --- a/misc/wasm/wasm_exec.js +++ b/misc/wasm/wasm_exec.js @@ -527,6 +527,13 @@ offset += 8; }); + // The linker guarantees global data starts from at least wasmMinDataAddr. + // Keep in sync with cmd/link/internal/ld/data.go:wasmMinDataAddr. + const wasmMinDataAddr = 4096 + 4096; + if (offset >= wasmMinDataAddr) { + throw new Error("command line too long"); + } + this._inst.exports.run(argc, argv); if (this.exited) { this._resolveExitPromise(); diff --git a/src/cmd/link/internal/ld/data.go b/src/cmd/link/internal/ld/data.go index 2b55a5f6..ee5c7942 100644 --- a/src/cmd/link/internal/ld/data.go +++ b/src/cmd/link/internal/ld/data.go @@ -2268,6 +2268,11 @@ func assignAddress(ctxt *Link, sect *sym.Section, n int, s loader.Sym, va uint64 return sect, n, va } +// On Wasm, we reserve 4096 bytes for zero page, then 4096 bytes for wasm_exec.js +// to store command line args. Data sections starts from at least address 8192. +// Keep in sync with wasm_exec.js. +const wasmMinDataAddr = 4096 + 4096 + // address assigns virtual addresses to all segments and sections and // returns all segments in file order. func (ctxt *Link) address() []*sym.Segment { @@ -2277,10 +2282,14 @@ func (ctxt *Link) address() []*sym.Segment { order = append(order, &Segtext) Segtext.Rwx = 05 Segtext.Vaddr = va - for _, s := range Segtext.Sections { + for i, s := range Segtext.Sections { va = uint64(Rnd(int64(va), int64(s.Align))) s.Vaddr = va va += s.Length + + if ctxt.IsWasm() && i == 0 && va < wasmMinDataAddr { + va = wasmMinDataAddr + } } Segtext.Length = va - uint64(*FlagTextAddr)