From 21819fcff656ba94104a08d1b377e15eef3c7c0b Mon Sep 17 00:00:00 2001
From: Xu Jun
Date: Fri, 1 Mar 2024 10:15:17 +0800
Subject: [PATCH] Fix dynamic offset in BR for block with return type (#3192)
The issue was reported in https://github.com/bytecodealliance/wasm-micro-runtime/issues/3170.
---
 core/iwasm/interpreter/wasm_loader.c | 1 +
 core/iwasm/interpreter/wasm_mini_loader.c | 4 +---
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/core/iwasm/interpreter/wasm_loader.c b/core/iwasm/interpreter/wasm_loader.c
index 70d353dd..8bf2ed92 100644
--- a/core/iwasm/interpreter/wasm_loader.c
+++ b/core/iwasm/interpreter/wasm_loader.c
@@ -9028,6 +9028,7 @@ wasm_loader_emit_br_info(WASMLoaderContext *ctx, BranchBlock *frame_csp,
 /* Part e */
 dynamic_offset =
 frame_csp->dynamic_offset + wasm_get_cell_num(types, arity);
+ ctx->dynamic_offset = dynamic_offset;
 for (i = (int32)arity - 1; i >= 0; i--) {
 cell = (uint8)wasm_value_type_cell_num(types[i]);
 dynamic_offset -= cell;
diff --git a/core/iwasm/interpreter/wasm_mini_loader.c b/core/iwasm/interpreter/wasm_mini_loader.c
index b8f74b8f..2b28d676 100644
--- a/core/iwasm/interpreter/wasm_mini_loader.c
+++ b/core/iwasm/interpreter/wasm_mini_loader.c
@@ -4750,6 +4750,7 @@ wasm_loader_emit_br_info(WASMLoaderContext *ctx, BranchBlock *frame_csp,
 /* Part e */
 dynamic_offset =
 frame_csp->dynamic_offset + wasm_get_cell_num(types, arity);
+ ctx->dynamic_offset = dynamic_offset;
 for (i = (int32)arity - 1; i >= 0; i--) {
 cell = (uint8)wasm_value_type_cell_num(types[i]);
 dynamic_offset -= cell;
@@ -5552,9 +5553,6 @@ wasm_loader_check_br(WASMLoaderContext *loader_ctx, uint32 depth,
 frame_ref_buf, total_size);
 #if WASM_ENABLE_FAST_INTERP != 0
- /* The stack operand num should not be smaller than before
- after pop and push operations */
- bh_assert(loader_ctx->reftype_map_num >= reftype_map_num_old);
 loader_ctx->frame_offset =
 loader_ctx->frame_offset_bottom + stack_cell_num_old;
 total_size = (uint32)sizeof(int16)
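Review bot: The added `ctx->dynamic_offset = dynamic_offset;` in Part e of wasm_loader_emit_br_info runs on every call, although the commit subject scopes the fix to BR. The callers are outside the hunk, so this is inferred, but if the emitter is also reached for conditional branches such as br_if, validation of the fall-through path would continue with the target block's offset instead of the current one. Consider guarding the write so it applies only to the unconditional case, and documenting it with a comment such as `/* unconditional branch: operand offset becomes the target block's base plus its result cells */`. Nothing visible here bounds `frame_csp->dynamic_offset + wasm_get_cell_num(types, arity)` or records a new maximum before it is stored in the context, so it is worth confirming that an untrusted module with a wide result type cannot push the offset past the slots reserved for the frame. The same line is added in the first wasm_mini_loader.c hunk and the point applies there as well; the function body starts and ends outside both hunks.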