Fix few integer overflowing

- fix(interpreter): correct offset calculations in wasm_loader_get_const_offset function
- fix(mem-alloc): update offset calculation in gc_migrate for memory migration

Author: lum1n0us

core/iwasm/interpreter/wasm_loader.c

@@ -9693,8 +9693,8 @@ wasm_loader_get_const_offset(WASMLoaderContext *ctx, uint8 type, void *value,
                 *offset = 0;
                 return true;
             }
-            *offset = -(uint32)(ctx->i64_const_num * 2 + ctx->i32_const_num)
-                      + (uint32)(i64_const - ctx->i64_consts) * 2;
+            *offset = (int32)(i64_const - ctx->i64_consts) * 2
+                      - (int32)(ctx->i64_const_num * 2 + ctx->i32_const_num)
         }
         else if (type == VALUE_TYPE_V128) {
             V128 key = *(V128 *)value, *v128_const;
@@ -9704,9 +9704,10 @@ wasm_loader_get_const_offset(WASMLoaderContext *ctx, uint8 type, void *value,
                 *offset = 0;
                 return true;
             }
-            *offset = -(uint32)(ctx->v128_const_num)
-                      + (uint32)(v128_const - ctx->v128_consts);
+            *offset = (int32)(v128_const - ctx->v128_consts)
+                      - (int32)(ctx->v128_const_num);
         }
+
         else {
             int32 key = *(int32 *)value, *i32_const;
             i32_const = bsearch(&key, ctx->i32_consts, ctx->i32_const_num,
@@ -9715,8 +9716,9 @@ wasm_loader_get_const_offset(WASMLoaderContext *ctx, uint8 type, void *value,
                 *offset = 0;
                 return true;
             }
-            *offset = -(uint32)(ctx->i32_const_num)
-                      + (uint32)(i32_const - ctx->i32_consts);
+
+            *offset = (int32)(i32_const - ctx->i32_consts)
+                      - (int32)(ctx->i32_const_num);
         }
 
         return true;

core/shared/mem-alloc/ems/ems_kfc.c

@@ -218,7 +218,7 @@ gc_migrate(gc_handle_t handle, char *pool_buf_new, gc_size_t pool_buf_size)
     gc_heap_t *heap = (gc_heap_t *)handle;
     char *base_addr_new = pool_buf_new + GC_HEAD_PADDING;
     char *pool_buf_end = pool_buf_new + pool_buf_size;
-    intptr_t offset = (uint8 *)base_addr_new - (uint8 *)heap->base_addr;
+    intptr_t offset = 0;
     hmu_t *cur = NULL, *end = NULL;
     hmu_tree_node_t *tree_node;
     uint8 **p_left, **p_right, **p_parent;
@@ -236,6 +236,13 @@ gc_migrate(gc_handle_t handle, char *pool_buf_new, gc_size_t pool_buf_size)
         return GC_ERROR;
     }
 
+    if ((uintptr_t)base_addr_new > (uintptr_t)heap->base_addr) {
+        offset = (uintptr_t)base_addr_new - (uintptr_t)heap->base_addr;
+    }
+    else {
+        offset = (uintptr_t)heap->base_addr - (uintptr_t)base_addr_new;
+    }
+
     if (offset == 0)
         return 0;