From 64c0b15c52ab00dbb8594f87ba4d59b3f14e2300 Mon Sep 17 00:00:00 2001
From: Wenyong Huang
Date: Tue, 20 Sep 2022 12:40:24 +0800
Subject: [PATCH] loader: Sub local count can be 0 (#1504)
Sub local count is allowed to be 0 in each group of function local types.
---
 core/iwasm/interpreter/wasm_loader.c | 4 ++--
 core/iwasm/interpreter/wasm_mini_loader.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/core/iwasm/interpreter/wasm_loader.c b/core/iwasm/interpreter/wasm_loader.c
index e424ebca..ab22d294 100644
--- a/core/iwasm/interpreter/wasm_loader.c
+++ b/core/iwasm/interpreter/wasm_loader.c
@@ -1950,8 +1950,8 @@ load_function_section(const uint8 *buf, const uint8 *buf_end,
 local_type_index = 0;
 for (j = 0; j < local_set_count; j++) {
 read_leb_uint32(p_code, buf_code_end, sub_local_count);
- if (!sub_local_count
- || local_type_index > UINT32_MAX - sub_local_count
+ /* Note: sub_local_count is allowed to be 0 */
+ if (local_type_index > UINT32_MAX - sub_local_count
 || local_type_index + sub_local_count > local_count) {
 set_error_buf(error_buf, error_buf_size,
 "invalid local count");
diff --git a/core/iwasm/interpreter/wasm_mini_loader.c b/core/iwasm/interpreter/wasm_mini_loader.c
index fab97dbd..a2f58956 100644
--- a/core/iwasm/interpreter/wasm_mini_loader.c
+++ b/core/iwasm/interpreter/wasm_mini_loader.c
@@ -1013,8 +1013,8 @@ load_function_section(const uint8 *buf, const uint8 *buf_end,
 local_type_index = 0;
 for (j = 0; j < local_set_count; j++) {
 read_leb_uint32(p_code, buf_code_end, sub_local_count);
- bh_assert(sub_local_count
- && local_type_index <= UINT32_MAX - sub_local_count
+ /* Note: sub_local_count is allowed to be 0 */
+ bh_assert(local_type_index <= UINT32_MAX - sub_local_count
 && local_type_index + sub_local_count <= local_count);
 CHECK_BUF(p_code, buf_code_end, 1);
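Review bot: The relaxed check in wasm_loader.c's `load_function_section` ships without a regression test; the diffstat lists only the two loader sources. A zero-count group still carries a value-type byte, and whether that byte is validated for an empty group depends on code after this hunk, since the loop body continues outside it. A test module with one zero-count group of a valid type, and one with an invalid type byte, would pin both the new acceptance and the unchanged rejection. The overflow guard `local_type_index > UINT32_MAX - sub_local_count` still precedes the addition and remains sound when the count is 0. The new comment could also say why, e.g. `/* Note: a local group may declare 0 locals; only the running total is bounded by local_count */`.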
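Review bot: In wasm_mini_loader.c the range check on `sub_local_count` exists only inside `bh_assert`. If that macro expands to nothing in non-debug builds (worth confirming), nothing bounds `local_type_index + sub_local_count` against `local_count` at run time. This predates the commit, but since the line is being rewritten it is a good place to state the trust assumption, e.g. `/* Note: sub_local_count may be 0; the range is only asserted, so the module must already be validated before it reaches the mini loader */`. If untrusted modules can reach this path, the assertion should instead become a runtime check that fails the load, as the hunk in wasm_loader.c does. The loop body continues outside the hunk, so how the count is consumed afterwards is not visible here.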