Fix read and validation of misc/simd/atomic sub opcodes (#3115)

The format of sub opcodes after misc, simd and atomic prefix is leb u32. The issue was found in #2921.
2024-02-02 12:03:58 +08:00
parent b3f728ceb3
commit 2eb60060d8
7 changed files with 75 additions and 28 deletions
--- a/core/iwasm/fast-jit/jit_frontend.c
+++ b/core/iwasm/fast-jit/jit_frontend.c
@ -2257,7 +2257,9 @@ jit_compile_func(JitCompContext *cc)
                uint32 opcode1;

                read_leb_uint32(frame_ip, frame_ip_end, opcode1);
-                opcode = (uint32)opcode1;
+                /* opcode1 was checked in loader and is no larger than
+                   UINT8_MAX */
+                opcode = (uint8)opcode1;

                switch (opcode) {
                    case WASM_OP_I32_TRUNC_SAT_S_F32:
@ -2396,10 +2398,13 @@ jit_compile_func(JitCompContext *cc)
            case WASM_OP_ATOMIC_PREFIX:
            {
                uint8 bin_op, op_type;
+                uint32 opcode1;
+
+                read_leb_uint32(frame_ip, frame_ip_end, opcode1);
+                /* opcode1 was checked in loader and is no larger than
+                   UINT8_MAX */
+                opcode = (uint8)opcode1;

-                if (frame_ip < frame_ip_end) {
-                    opcode = *frame_ip++;
-                }
                if (opcode != WASM_OP_ATOMIC_FENCE) {
                    read_leb_uint32(frame_ip, frame_ip_end, align);
                    read_leb_uint32(frame_ip, frame_ip_end, offset);