From 1fff8d5cbc336be0570be6e0d2b1a238e4fce22b Mon Sep 17 00:00:00 2001
From: Wenyong Huang
Date: Mon, 8 Aug 2022 13:22:23 +0800
Subject: [PATCH] Fix wasm loader issues (#1363)

Should not clear last label's polymorphic state after current label is popped
Fix invalid func_idx check in opcode REF_FUNC
Add check when there are extra unneeded bytecodes for a wasm function
---
 core/iwasm/interpreter/wasm_loader.c      | 17 ++++++++---------
 core/iwasm/interpreter/wasm_mini_loader.c | 13 ++++---------
 2 files changed, 12 insertions(+), 18 deletions(-)

diff --git a/core/iwasm/interpreter/wasm_loader.c b/core/iwasm/interpreter/wasm_loader.c
index 8c556d99..11653a39 100644
--- a/core/iwasm/interpreter/wasm_loader.c
+++ b/core/iwasm/interpreter/wasm_loader.c
@@ -6915,14 +6915,14 @@ re_scan:
                     loader_ctx->frame_csp->end_addr = p - 1;
                 }
                 else {
-                    /* end of function block, function will return,
-                       ignore the following bytecodes */
-                    p = p_end;
-
-                    continue;
+                    /* end of function block, function will return */
+                    if (p < p_end) {
+                        set_error_buf(error_buf, error_buf_size,
+                                      "section size mismatch");
+                        goto fail;
+                    }
                 }
 
-                SET_CUR_BLOCK_STACK_POLYMORPHIC_STATE(false);
                 break;
             }
 
@@ -7588,7 +7588,7 @@ re_scan:
                     goto fail;
                 }
 
-                if (func_idx == cur_func_idx) {
+                if (func_idx == cur_func_idx + module->import_function_count) {
                     WASMTableSeg *table_seg = module->table_segments;
                     bool func_declared = false;
                     uint32 j;
@@ -7598,8 +7598,7 @@ re_scan:
                         if (table_seg->elem_type == VALUE_TYPE_FUNCREF
                             && wasm_elem_is_declarative(table_seg->mode)) {
                             for (j = 0; j < table_seg->function_count; j++) {
-                                if (table_seg->func_indexes[j]
-                                    == cur_func_idx) {
+                                if (table_seg->func_indexes[j] == func_idx) {
                                     func_declared = true;
                                     break;
                                 }
diff --git a/core/iwasm/interpreter/wasm_mini_loader.c b/core/iwasm/interpreter/wasm_mini_loader.c
index f54f531a..93b8a606 100644
--- a/core/iwasm/interpreter/wasm_mini_loader.c
+++ b/core/iwasm/interpreter/wasm_mini_loader.c
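Review bot: The retained comment `/* end of function block, function will return */` in the `@@ -6915` hunk no longer explains the check that now follows it, and nothing on the new side records why the `SET_CUR_BLOCK_STACK_POLYMORPHIC_STATE(false)` reset was dropped. Suggest `/* end of function block: the body must end exactly at this END; trailing bytes are a malformed code section */` above `if (p < p_end)`, and after the else's closing brace `/* frame_csp now refers to the enclosing label, if any; its polymorphic state is left untouched */` — the latter is inferred from the commit message, so confirm it against the csp pop above this hunk. The enclosing loop and the csp pop are outside the hunk, so the `break` reaching the loop condition with `p == p_end` is assumed rather than shown here.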
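Review bot: The new condition `func_idx == cur_func_idx + module->import_function_count` in the `@@ -7588` hunk converts the defined-function index to the module-wide index inline, and the same sum is repeated in the `@@ -5763` hunk of wasm_mini_loader.c; a named local such as `uint32 cur_func_abs_idx = cur_func_idx + module->import_function_count;` declared before the `if` would make the index space explicit and give the inner comparison in the `@@ -7598` hunk (and `@@ -5773` in the mini loader) a self-documenting operand. As written, only a REF_FUNC that names the function currently being validated reaches the declarative-segment scan; whether references to other defined functions are checked against elem segments or exports is not visible in these hunks and presumably happens elsewhere, which is worth confirming so an undeclared reference does not pass validation unnoticed. The `goto fail` context line suggests `func_idx` has already been range-checked above the hunk, so the addition itself should not exceed the module's function count.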
@@ -5188,14 +5188,10 @@ re_scan:
                     loader_ctx->frame_csp->end_addr = p - 1;
                 }
                 else {
-                    /* end of function block, function will return,
-                       ignore the following bytecodes */
-                    p = p_end;
-
-                    continue;
+                    /* end of function block, function will return */
+                    bh_assert(p == p_end);
                 }
 
-                SET_CUR_BLOCK_STACK_POLYMORPHIC_STATE(false);
                 break;
             }
 
@@ -5763,7 +5759,7 @@ re_scan:
                     goto fail;
                 }
 
-                if (func_idx == cur_func_idx) {
+                if (func_idx == cur_func_idx + module->import_function_count) {
                     WASMTableSeg *table_seg = module->table_segments;
                     bool func_declared = false;
                     uint32 j;
@@ -5773,8 +5769,7 @@ re_scan:
                         if (table_seg->elem_type == VALUE_TYPE_FUNCREF
                             && wasm_elem_is_declarative(table_seg->mode)) {
                             for (j = 0; j < table_seg->function_count; j++) {
-                                if (table_seg->func_indexes[j]
-                                    == cur_func_idx) {
+                                if (table_seg->func_indexes[j] == func_idx) {
                                     func_declared = true;
                                     break;
                                 }
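Review bot: `bh_assert(p == p_end)` is the only guard against trailing bytes after the function's final END in the `@@ -5188` hunk, whereas the matching `@@ -6915` hunk in wasm_loader.c reports "section size mismatch" and fails; if `bh_assert` is compiled out in release builds, as such macros commonly are, a module with trailing bytes is then accepted silently by the mini loader. That is consistent with a loader that only takes pre-validated input, but the contract should be stated where the assert stands: `/* mini loader assumes a pre-validated module: trailing bytes after the final END are rejected by the full loader */`. The enclosing loop and the csp pop are outside the hunk.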