fix(kernel): fix potential overflow in bounds check when lots of memory has been allocated (#663)

- Fixes potential overflow in bounds checking function - Found by running the `check_large_allocations` quickcheck test in a loop
2026-01-08 21:38:13 -05:00 · 2024-01-19 16:14:36 -08:00
parent 1f1e2699cb
commit 8c8e4a6ffb
3 changed files with 40 additions and 4 deletions
--- a/kernel/src/lib.rs
+++ b/kernel/src/lib.rs
@@ -198,8 +198,8 @@ impl MemoryRoot {
    fn pointer_in_bounds_fast(p: Pointer) -> bool {
        // Similar to `pointer_in_bounds` but less accurate on the upper bound. This uses the total memory size,
        // instead of checking `MemoryRoot::length`
-        let end = core::arch::wasm32::memory_size(0) << 16;
-        p >= core::mem::size_of::<Self>() as Pointer && p <= end as Pointer
+        let end = (core::arch::wasm32::memory_size(0) as u64) << 16;
+        p >= core::mem::size_of::<Self>() as Pointer && p <= end as u64
    }

    // Find a block that is free to use, this can be a new block or an existing freed block. The `self_position` argument
@@ -619,4 +619,23 @@ mod test {
            assert_eq!(length(3788), 4);
        }
    }
+
+    #[wasm_bindgen_test]
+    fn test_oom() {
+        let size = 1024 * 1024 * 5;
+
+        let mut last = 0;
+        for _ in 0..1024 {
+            unsafe {
+                let ptr = alloc(size);
+                last = ptr;
+                if ptr == 0 {
+                    break;
+                }
+                assert_eq!(length(ptr), size);
+            }
+        }
+
+        assert_eq!(last, 0);
+    }
 }