From 7d4213b3abd5360c88e9120c3bc68ffd9b8a6870 Mon Sep 17 00:00:00 2001
From: Shen-Ta Hsieh <beststeve@secondstate.io>
Date: Mon, 30 Oct 2023 16:15:41 +0800
Subject: [PATCH] [AOT] Validate AOT section header fields

Signed-off-by: Shen-Ta Hsieh <beststeve@secondstate.io>
---
 lib/loader/shared_library.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/loader/shared_library.cpp b/lib/loader/shared_library.cpp
index 0d8edbb80359..a868a897a40a 100644
--- a/lib/loader/shared_library.cpp
+++ b/lib/loader/shared_library.cpp
@@ -96,7 +96,10 @@ Expect<void> SharedLibrary::load(const AST::AOTSection &AOTSec) noexcept {
     const auto Offset = std::get<1>(Section);
     const auto Size = std::get<2>(Section);
     const auto &Content = std::get<3>(Section);
-    assuming(Content.size() <= Size);
+    if (Size > BinarySize || Offset > BinarySize ||
+        Offset + Size > BinarySize || Content.size() > Size) {
+      return Unexpect(ErrCode::Value::IntegerTooLarge);
+    }
     std::copy(Content.begin(), Content.end(), Binary + Offset);
     switch (std::get<0>(Section)) {
     case 1: { // Text
@@ -116,6 +119,8 @@ Expect<void> SharedLibrary::load(const AST::AOTSection &AOTSec) noexcept {
           static_cast<uint32_t>(Size / sizeof(winapi::RUNTIME_FUNCTION_));
       break;
 #endif
+    default:
+      return Unexpect(ErrCode::Value::IntegerTooLarge);
     }
   }