Validate func type in aot loader (#3535)

Fix issue reported by Oss-fuzz test (#69629).

core/iwasm/common/wasm_loader_common.c

@@ -4,7 +4,9 @@
  */
 #include "wasm_loader_common.h"
 #include "bh_log.h"
-#include "../interpreter/wasm.h"
+#if WASM_ENABLE_GC != 0
+#include "../common/gc/gc_type.h"
+#endif
 
 static void
 set_error_buf(char *error_buf, uint32 error_buf_size, const char *string,
@@ -56,3 +58,41 @@ wasm_memory_check_flags(const uint8 mem_flag, char *error_buf,
 
     return true;
 }
+
+/*
+ * compare with a bigger type set in `wasm_value_type_size_internal()`,
+ * this function will only cover global value type, function's param
+ * value type and function's result value type.
+ *
+ * please feel free to add more if there are more requirements
+ */
+bool
+is_valid_value_type(uint8 type)
+{
+    if (/* I32/I64/F32/F64, 0x7C to 0x7F */
+        (type >= VALUE_TYPE_F64 && type <= VALUE_TYPE_I32)
+#if WASM_ENABLE_GC != 0
+        /* reference types, 0x65 to 0x70 */
+        || wasm_is_type_reftype(type)
+#elif WASM_ENABLE_REF_TYPES != 0
+        || (type == VALUE_TYPE_FUNCREF || type == VALUE_TYPE_EXTERNREF)
+#endif
+#if WASM_ENABLE_SIMD != 0
+        || type == VALUE_TYPE_V128 /* 0x7B */
+#endif
+    )
+        return true;
+    return false;
+}
+
+bool
+is_valid_func_type(const WASMFuncType *func_type)
+{
+    unsigned i;
+    for (i = 0; i < func_type->param_count + func_type->result_count; i++) {
+        if (!is_valid_value_type(func_type->types[i]))
+            return false;
+    }
+
+    return true;
+}

core/iwasm/common/wasm_loader_common.h

@@ -7,6 +7,7 @@
 #define _WASM_LOADER_COMMON_H
 
 #include "platform_common.h"
+#include "../interpreter/wasm.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -16,6 +17,12 @@ bool
 wasm_memory_check_flags(const uint8 mem_flag, char *error_buf,
                         uint32 error_buf_size, bool is_aot);
 
+bool
+is_valid_value_type(uint8 value_tpye);
+
+bool
+is_valid_func_type(const WASMFuncType *func_type);
+
 #ifdef __cplusplus
 }
 #endif