diff options
| author | Thomas Linford <tlinford@users.noreply.github.com> | 2023-10-02 10:42:30 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-10-02 10:42:30 +0200 |
| commit | 9f130a3ef903ca7f3e7745291e8e0464110c7acd (patch) | |
| tree | dddf08f28dc20fce1c74e33fb50e4a0c0a88598c | |
| parent | 7ccefc0d6ca6bcc079dcbf24f64ec1368d1b3791 (diff) | |
fix(plugins): address potential security issue (#2830)
* set static_memory_bound to 0
* add explanatory comment
| -rw-r--r-- | zellij-server/src/lib.rs | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/zellij-server/src/lib.rs b/zellij-server/src/lib.rs index bfacbad73..8cb05c8e8 100644 --- a/zellij-server/src/lib.rs +++ b/zellij-server/src/lib.rs @@ -910,8 +910,17 @@ fn init_session( #[cfg(not(feature = "singlepass"))] fn get_store() -> Store { + use wasmer::{BaseTunables, Cranelift, Engine, Pages, Target}; log::info!("Compiling plugins using Cranelift"); - Store::new(wasmer::Cranelift::default()) + + // workaround for https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-ff4p-7xrq-q5r8 + let mut tunables = BaseTunables::for_target(&Target::default()); + tunables.static_memory_bound = Pages(0); + let compiler = Cranelift::default(); + let mut engine: Engine = compiler.into(); + engine.set_tunables(tunables); + + Store::new(engine) } #[cfg(feature = "singlepass")] |