wasm 内存越界读写测试#
手工编写一个 wasm 模块,wat 代码如下:
- 声明需要一段内存空间
- 暴露两个函数,写内存和读内存,之后在 js 代码中调用
(module
;;声明需要提供内存
(import "env" "memory" (memory 1 2)) ;; 初始 1 页,最大 2 页
;; 写入 i32 到内存[offset]
(func (export "writeToMemory") (param i32) (param i32)
(i32.store
(local.get 0)
(local.get 1)
)
)
;; 从内存[offset] 读取 i32
(func (export "readFromMemory") (param i32) (result i32)
(i32.load
(local.get 0)
)
)
)
然后编译为为 wasm 模块
wat2wasm memory_test.wat -o memory_test.wasm
编写 js 代码
const fs = require('fs');
(async () => {
const memory = new WebAssembly.Memory({ initial: 1, maximum: 2 });
const importObject = {
env: {
memory: memory
}
};
// 读取wasm,分配内存
const wasmBuffer = fs.readFileSync('./memory_test.wasm');
const wasmModule = await WebAssembly.instantiate(wasmBuffer, importObject);
const { writeToMemory, readFromMemory} = wasmModule.instance.exports;
const inBoundsOffset = 65532; // 正常偏移
const outOfBoundsOffset = 70000; // 越界偏移
// 测试正常写入和读取
writeToMemory(inBoundsOffset, 123456);
console.log("读取数据:", readFromMemory(inBoundsOffset));
try {
// 👇 试图越界写入
console.log("尝试越界写数据");
writeToMemory(outOfBoundsOffset, 999);
} catch (err) {
console.error("越界写错误:", err.message);
console.log(err);
}
try {
// 👇 试图越界读取
console.log("尝试越界读数据");
console.log(readFromMemory(outOfBoundsOffset));
} catch (err) {
console.error("越界读错误:", err.message);
console.log(err);
}
})();
运行结果,可以发现此时是报错的
❯ node main.js
读取数据: 123456
尝试越界写数据
越界写错误: memory access out of bounds
RuntimeError: memory access out of bounds
at wasm://wasm/488cc87e:wasm-function[0]:0x59
at /Users/rayepeng/Documents/code/wasm-memory-test/main.js:26:5
尝试越界读数据
越界读错误: memory access out of bounds
RuntimeError: memory access out of bounds
at wasm://wasm/488cc87e:wasm-function[1]:0x61
at /Users/rayepeng/Documents/code/wasm-memory-test/main.js:35:17