A critical vulnerability was found in Wasmtime

If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or, more generally, cause problems.

A few days ago the corrective releases Wasmtime 6.0.1, 5.0.1 and 4.0.1 were published. They fix a vulnerability (already catalogued as CVE-2023-26489) that was rated critical.

The vulnerability allows data to be written to a memory region outside the bounds permitted for isolated WebAssembly code, which an attacker could potentially use to get their code executed outside the isolated WASI environment.

For those unfamiliar with Wasmtime, it is a runtime for running WebAssembly applications with WASI (WebAssembly System Interface) extensions as ordinary standalone applications.

Wasmtime is written in Rust, and the vulnerability is caused by a logic error in the definition of the linear memory addressing rules in the Cranelift code generator, which translates a hardware-independent intermediate representation into executable machine code for the x86_64 architecture.

Regarding the fixed vulnerability, it is mentioned that, in particular, 35-bit effective addresses were computed for WebAssembly applications instead of the 33-bit addresses allowed in WebAssembly. This moved the limit of virtual memory open to read and write operations up to 34 GB, while the sandbox configuration provides protection for 6 GB from the base address.

Wasmtime's code generator, Cranelift, has a bug on x86_64 targets where address-mode computation would mistakenly calculate a 35-bit effective address instead of the 33-bit effective address defined by WebAssembly. This bug means that, with the default code generation settings, a wasm-controlled load/store operation could read/write addresses up to 35 bits away from the base of linear memory.

As a result, the virtual memory range from 6 to 34 GB from the base address became available for reading and writing from WebAssembly applications. This memory may hold other WebAssembly environments or components of the WebAssembly runtime.

For example, (i32.load (i32.shl (local.get 0) (i32.const 3))) loads from the WebAssembly address $local0 << 3. When translated to Cranelift, the $local0 << 3 computation, a 32-bit value, is zero-extended to a 64-bit value and then added to the base address of linear memory. Cranelift would generate an instruction of the form movl (%base, %local0, 8), %dst, which computes %base + %local0 << 3.

The bug here, however, is that the address computation happens with 64-bit values, whereas the $local0 << 3 computation was supposed to be truncated to a 32-bit value. This means that %local0, which can use up to 32 bits for an address, gets 3 extra bits of address space that are reachable through this movl instruction.

Finally, as always, it is recommended to update the package to the latest available version. It is also worth mentioning that there are several workarounds that can be used to mitigate the problem if updating is not possible.

It is noted that none of these workarounds is enabled by default and that each requires explicit configuration:

  • If the Wasmtime version cannot be updated, the option "Config::static_memory_maximum_size(0)" is mentioned as a workaround that blocks the bug by enabling mandatory explicit bounds checks on every linear memory access (this results in a significant performance penalty).
  • Another option is to use the "Config::static_memory_guard_size(1 << 36)" setting to increase the number of guard pages (pages that raise an exception when accessed) placed in the problematic virtual memory range (this reserves a large amount of virtual memory and limits the number of WebAssembly applications that can run concurrently).
  • If it is possible to use a non-x86_64 host, that also works around the bug. This bug does not affect the AArch64 backend of Wasmtime or Cranelift, for example.
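
The address arithmetic and the guard-size workaround described above, modelled in Rust as an added example (not code from Wasmtime or Cranelift). It covers only the scaled index term; the function names and the 4 GiB memory plus 2 GiB guard layout are assumptions derived from the 6 GB figure in the text.

```rust
// Added example: a model of the address arithmetic, not Wasmtime/Cranelift code.
const GIB: u64 = 1 << 30;
// Assumed default layout: 4 GiB static memory + 2 GiB guard = the 6 GB in the text.
const STATIC_MEMORY: u64 = 4 * GIB;
const DEFAULT_GUARD: u64 = 2 * GIB;

/// Offset from the linear-memory base required by WebAssembly semantics:
/// i32.shl wraps to 32 bits, and only then is the result zero-extended.
fn spec_offset(local0: u32) -> u64 {
    u64::from(local0 << 3)
}

/// Offset computed by the flawed x86_64 addressing mode: the index is
/// zero-extended first and scaled by 8 in 64-bit arithmetic, keeping 3 extra bits.
fn buggy_offset(local0: u32) -> u64 {
    u64::from(local0) << 3
}

/// True if every offset the flawed form can produce still lands inside
/// memory + guard, so the access faults on a guard page.
fn guard_covers_buggy_reach(guard_size: u64) -> bool {
    buggy_offset(u32::MAX) < STATIC_MEMORY + guard_size
}

fn main() {
    // Constructed sample index values.
    for local0 in [0x10u32, 0x2000_0000, 0x4000_0001, u32::MAX] {
        let (spec, buggy) = (spec_offset(local0), buggy_offset(local0));
        let escaped = buggy >= STATIC_MEMORY + DEFAULT_GUARD;
        println!("local0={local0:#x} spec={spec:#x} buggy={buggy:#x} past_6GiB={escaped}");
    }
    println!("default guard covers reach: {}", guard_covers_buggy_reach(DEFAULT_GUARD));
    println!("1 << 36 guard covers reach: {}", guard_covers_buggy_reach(1 << 36));
}
```

Config::static_memory_maximum_size(0) is not modelled here, since it works through explicit bounds checks rather than through a larger guard region.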

Finally, if you are interested in learning more about it, you can check the details at the following link.
