Skip to content

Commit 4b306f0

Browse files
srberardsrberard
authored
fix(tailcall): Fixes heap buffer overflow in fast interpreter (#4916) (#4917)
Signed-off-by: Stephen Berard <stephen.berard@outlook.com>
1 parent 38ff8a7 commit 4b306f0

File tree

5 files changed

+308
-0
lines changed

5 files changed

+308
-0
lines changed

core/iwasm/interpreter/wasm_interp_fast.c

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7576,6 +7576,13 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
75767576
}
75777577
}
75787578
frame->lp = frame->operand + cur_func->const_cell_num;
7579+
if ((uint8 *)(frame->lp + cur_func->param_cell_num)
7580+
> exec_env->wasm_stack.top_boundary) {
7581+
if (lp_base)
7582+
wasm_runtime_free(lp_base);
7583+
wasm_set_exception(module, "wasm operand stack overflow");
7584+
goto got_exception;
7585+
}
75797586
if (lp - lp_base > 0) {
75807587
word_copy(frame->lp, lp_base, lp - lp_base);
75817588
}

tests/regression/ba-issues/build_wamr.sh

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -63,4 +63,7 @@ build_iwasm "-DWAMR_BUILD_REF_TYPES=1 -DWAMR_BUILD_FAST_JIT=1 -DWAMR_BUILD_SIMD=
6363
# build default iwasm for testing wasm loader with branch hints enabled
6464
build_iwasm "-DWAMR_BUILD_BRANCH_HINTS=1" "default-branch-hints-enabled"
6565

66+
# build default iwasm for testing tail call with fast-interp
67+
build_iwasm "-DWAMR_BUILD_REF_TYPES=1 -DWAMR_BUILD_FAST_INTERP=1 -DWAMR_BUILD_TAIL_CALL=1 -DWAMR_BUILD_LIBC_WASI=0" "default-tail-call-wasi-disabled"
68+
6669
# TODO: add more version of iwasm, for example, sgx version

tests/regression/ba-issues/issues/issue-4916/tail_call_stack_overflow.wasm

3.99 KB
Binary file not shown.

tests/regression/ba-issues/issues/issue-4916/tail_call_stack_overflow.wat

Lines changed: 282 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,282 @@
1+
(module
2+
3+
;; Callee has ~1000 const cells (500 unique i64 constants).
4+
;; When tiny_caller does a return_call to this function, the fast interpreter
5+
;; must stage the parameter at frame->operand + callee->const_cell_num.
6+
;; Without the fix, this write extends past the end of tiny_caller's small
7+
;; frame and corrupts adjacent heap memory.
8+
(func $callee (param i32) (result i32)
9+
(drop (i64.add (i64.const 100000000001) (i64.const 100000000002)))
10+
(drop (i64.add (i64.const 100000000003) (i64.const 100000000004)))
11+
(drop (i64.add (i64.const 100000000005) (i64.const 100000000006)))
12+
(drop (i64.add (i64.const 100000000007) (i64.const 100000000008)))
13+
(drop (i64.add (i64.const 100000000009) (i64.const 100000000010)))
14+
(drop (i64.add (i64.const 100000000011) (i64.const 100000000012)))
15+
(drop (i64.add (i64.const 100000000013) (i64.const 100000000014)))
16+
(drop (i64.add (i64.const 100000000015) (i64.const 100000000016)))
17+
(drop (i64.add (i64.const 100000000017) (i64.const 100000000018)))
18+
(drop (i64.add (i64.const 100000000019) (i64.const 100000000020)))
19+
(drop (i64.add (i64.const 100000000021) (i64.const 100000000022)))
20+
(drop (i64.add (i64.const 100000000023) (i64.const 100000000024)))
21+
(drop (i64.add (i64.const 100000000025) (i64.const 100000000026)))
22+
(drop (i64.add (i64.const 100000000027) (i64.const 100000000028)))
23+
(drop (i64.add (i64.const 100000000029) (i64.const 100000000030)))
24+
(drop (i64.add (i64.const 100000000031) (i64.const 100000000032)))
25+
(drop (i64.add (i64.const 100000000033) (i64.const 100000000034)))
26+
(drop (i64.add (i64.const 100000000035) (i64.const 100000000036)))
27+
(drop (i64.add (i64.const 100000000037) (i64.const 100000000038)))
28+
(drop (i64.add (i64.const 100000000039) (i64.const 100000000040)))
29+
(drop (i64.add (i64.const 100000000041) (i64.const 100000000042)))
30+
(drop (i64.add (i64.const 100000000043) (i64.const 100000000044)))
31+
(drop (i64.add (i64.const 100000000045) (i64.const 100000000046)))
32+
(drop (i64.add (i64.const 100000000047) (i64.const 100000000048)))
33+
(drop (i64.add (i64.const 100000000049) (i64.const 100000000050)))
34+
(drop (i64.add (i64.const 100000000051) (i64.const 100000000052)))
35+
(drop (i64.add (i64.const 100000000053) (i64.const 100000000054)))
36+
(drop (i64.add (i64.const 100000000055) (i64.const 100000000056)))
37+
(drop (i64.add (i64.const 100000000057) (i64.const 100000000058)))
38+
(drop (i64.add (i64.const 100000000059) (i64.const 100000000060)))
39+
(drop (i64.add (i64.const 100000000061) (i64.const 100000000062)))
40+
(drop (i64.add (i64.const 100000000063) (i64.const 100000000064)))
41+
(drop (i64.add (i64.const 100000000065) (i64.const 100000000066)))
42+
(drop (i64.add (i64.const 100000000067) (i64.const 100000000068)))
43+
(drop (i64.add (i64.const 100000000069) (i64.const 100000000070)))
44+
(drop (i64.add (i64.const 100000000071) (i64.const 100000000072)))
45+
(drop (i64.add (i64.const 100000000073) (i64.const 100000000074)))
46+
(drop (i64.add (i64.const 100000000075) (i64.const 100000000076)))
47+
(drop (i64.add (i64.const 100000000077) (i64.const 100000000078)))
48+
(drop (i64.add (i64.const 100000000079) (i64.const 100000000080)))
49+
(drop (i64.add (i64.const 100000000081) (i64.const 100000000082)))
50+
(drop (i64.add (i64.const 100000000083) (i64.const 100000000084)))
51+
(drop (i64.add (i64.const 100000000085) (i64.const 100000000086)))
52+
(drop (i64.add (i64.const 100000000087) (i64.const 100000000088)))
53+
(drop (i64.add (i64.const 100000000089) (i64.const 100000000090)))
54+
(drop (i64.add (i64.const 100000000091) (i64.const 100000000092)))
55+
(drop (i64.add (i64.const 100000000093) (i64.const 100000000094)))
56+
(drop (i64.add (i64.const 100000000095) (i64.const 100000000096)))
57+
(drop (i64.add (i64.const 100000000097) (i64.const 100000000098)))
58+
(drop (i64.add (i64.const 100000000099) (i64.const 100000000100)))
59+
(drop (i64.add (i64.const 100000000101) (i64.const 100000000102)))
60+
(drop (i64.add (i64.const 100000000103) (i64.const 100000000104)))
61+
(drop (i64.add (i64.const 100000000105) (i64.const 100000000106)))
62+
(drop (i64.add (i64.const 100000000107) (i64.const 100000000108)))
63+
(drop (i64.add (i64.const 100000000109) (i64.const 100000000110)))
64+
(drop (i64.add (i64.const 100000000111) (i64.const 100000000112)))
65+
(drop (i64.add (i64.const 100000000113) (i64.const 100000000114)))
66+
(drop (i64.add (i64.const 100000000115) (i64.const 100000000116)))
67+
(drop (i64.add (i64.const 100000000117) (i64.const 100000000118)))
68+
(drop (i64.add (i64.const 100000000119) (i64.const 100000000120)))
69+
(drop (i64.add (i64.const 100000000121) (i64.const 100000000122)))
70+
(drop (i64.add (i64.const 100000000123) (i64.const 100000000124)))
71+
(drop (i64.add (i64.const 100000000125) (i64.const 100000000126)))
72+
(drop (i64.add (i64.const 100000000127) (i64.const 100000000128)))
73+
(drop (i64.add (i64.const 100000000129) (i64.const 100000000130)))
74+
(drop (i64.add (i64.const 100000000131) (i64.const 100000000132)))
75+
(drop (i64.add (i64.const 100000000133) (i64.const 100000000134)))
76+
(drop (i64.add (i64.const 100000000135) (i64.const 100000000136)))
77+
(drop (i64.add (i64.const 100000000137) (i64.const 100000000138)))
78+
(drop (i64.add (i64.const 100000000139) (i64.const 100000000140)))
79+
(drop (i64.add (i64.const 100000000141) (i64.const 100000000142)))
80+
(drop (i64.add (i64.const 100000000143) (i64.const 100000000144)))
81+
(drop (i64.add (i64.const 100000000145) (i64.const 100000000146)))
82+
(drop (i64.add (i64.const 100000000147) (i64.const 100000000148)))
83+
(drop (i64.add (i64.const 100000000149) (i64.const 100000000150)))
84+
(drop (i64.add (i64.const 100000000151) (i64.const 100000000152)))
85+
(drop (i64.add (i64.const 100000000153) (i64.const 100000000154)))
86+
(drop (i64.add (i64.const 100000000155) (i64.const 100000000156)))
87+
(drop (i64.add (i64.const 100000000157) (i64.const 100000000158)))
88+
(drop (i64.add (i64.const 100000000159) (i64.const 100000000160)))
89+
(drop (i64.add (i64.const 100000000161) (i64.const 100000000162)))
90+
(drop (i64.add (i64.const 100000000163) (i64.const 100000000164)))
91+
(drop (i64.add (i64.const 100000000165) (i64.const 100000000166)))
92+
(drop (i64.add (i64.const 100000000167) (i64.const 100000000168)))
93+
(drop (i64.add (i64.const 100000000169) (i64.const 100000000170)))
94+
(drop (i64.add (i64.const 100000000171) (i64.const 100000000172)))
95+
(drop (i64.add (i64.const 100000000173) (i64.const 100000000174)))
96+
(drop (i64.add (i64.const 100000000175) (i64.const 100000000176)))
97+
(drop (i64.add (i64.const 100000000177) (i64.const 100000000178)))
98+
(drop (i64.add (i64.const 100000000179) (i64.const 100000000180)))
99+
(drop (i64.add (i64.const 100000000181) (i64.const 100000000182)))
100+
(drop (i64.add (i64.const 100000000183) (i64.const 100000000184)))
101+
(drop (i64.add (i64.const 100000000185) (i64.const 100000000186)))
102+
(drop (i64.add (i64.const 100000000187) (i64.const 100000000188)))
103+
(drop (i64.add (i64.const 100000000189) (i64.const 100000000190)))
104+
(drop (i64.add (i64.const 100000000191) (i64.const 100000000192)))
105+
(drop (i64.add (i64.const 100000000193) (i64.const 100000000194)))
106+
(drop (i64.add (i64.const 100000000195) (i64.const 100000000196)))
107+
(drop (i64.add (i64.const 100000000197) (i64.const 100000000198)))
108+
(drop (i64.add (i64.const 100000000199) (i64.const 100000000200)))
109+
(drop (i64.add (i64.const 100000000201) (i64.const 100000000202)))
110+
(drop (i64.add (i64.const 100000000203) (i64.const 100000000204)))
111+
(drop (i64.add (i64.const 100000000205) (i64.const 100000000206)))
112+
(drop (i64.add (i64.const 100000000207) (i64.const 100000000208)))
113+
(drop (i64.add (i64.const 100000000209) (i64.const 100000000210)))
114+
(drop (i64.add (i64.const 100000000211) (i64.const 100000000212)))
115+
(drop (i64.add (i64.const 100000000213) (i64.const 100000000214)))
116+
(drop (i64.add (i64.const 100000000215) (i64.const 100000000216)))
117+
(drop (i64.add (i64.const 100000000217) (i64.const 100000000218)))
118+
(drop (i64.add (i64.const 100000000219) (i64.const 100000000220)))
119+
(drop (i64.add (i64.const 100000000221) (i64.const 100000000222)))
120+
(drop (i64.add (i64.const 100000000223) (i64.const 100000000224)))
121+
(drop (i64.add (i64.const 100000000225) (i64.const 100000000226)))
122+
(drop (i64.add (i64.const 100000000227) (i64.const 100000000228)))
123+
(drop (i64.add (i64.const 100000000229) (i64.const 100000000230)))
124+
(drop (i64.add (i64.const 100000000231) (i64.const 100000000232)))
125+
(drop (i64.add (i64.const 100000000233) (i64.const 100000000234)))
126+
(drop (i64.add (i64.const 100000000235) (i64.const 100000000236)))
127+
(drop (i64.add (i64.const 100000000237) (i64.const 100000000238)))
128+
(drop (i64.add (i64.const 100000000239) (i64.const 100000000240)))
129+
(drop (i64.add (i64.const 100000000241) (i64.const 100000000242)))
130+
(drop (i64.add (i64.const 100000000243) (i64.const 100000000244)))
131+
(drop (i64.add (i64.const 100000000245) (i64.const 100000000246)))
132+
(drop (i64.add (i64.const 100000000247) (i64.const 100000000248)))
133+
(drop (i64.add (i64.const 100000000249) (i64.const 100000000250)))
134+
(drop (i64.add (i64.const 100000000251) (i64.const 100000000252)))
135+
(drop (i64.add (i64.const 100000000253) (i64.const 100000000254)))
136+
(drop (i64.add (i64.const 100000000255) (i64.const 100000000256)))
137+
(drop (i64.add (i64.const 100000000257) (i64.const 100000000258)))
138+
(drop (i64.add (i64.const 100000000259) (i64.const 100000000260)))
139+
(drop (i64.add (i64.const 100000000261) (i64.const 100000000262)))
140+
(drop (i64.add (i64.const 100000000263) (i64.const 100000000264)))
141+
(drop (i64.add (i64.const 100000000265) (i64.const 100000000266)))
142+
(drop (i64.add (i64.const 100000000267) (i64.const 100000000268)))
143+
(drop (i64.add (i64.const 100000000269) (i64.const 100000000270)))
144+
(drop (i64.add (i64.const 100000000271) (i64.const 100000000272)))
145+
(drop (i64.add (i64.const 100000000273) (i64.const 100000000274)))
146+
(drop (i64.add (i64.const 100000000275) (i64.const 100000000276)))
147+
(drop (i64.add (i64.const 100000000277) (i64.const 100000000278)))
148+
(drop (i64.add (i64.const 100000000279) (i64.const 100000000280)))
149+
(drop (i64.add (i64.const 100000000281) (i64.const 100000000282)))
150+
(drop (i64.add (i64.const 100000000283) (i64.const 100000000284)))
151+
(drop (i64.add (i64.const 100000000285) (i64.const 100000000286)))
152+
(drop (i64.add (i64.const 100000000287) (i64.const 100000000288)))
153+
(drop (i64.add (i64.const 100000000289) (i64.const 100000000290)))
154+
(drop (i64.add (i64.const 100000000291) (i64.const 100000000292)))
155+
(drop (i64.add (i64.const 100000000293) (i64.const 100000000294)))
156+
(drop (i64.add (i64.const 100000000295) (i64.const 100000000296)))
157+
(drop (i64.add (i64.const 100000000297) (i64.const 100000000298)))
158+
(drop (i64.add (i64.const 100000000299) (i64.const 100000000300)))
159+
(drop (i64.add (i64.const 100000000301) (i64.const 100000000302)))
160+
(drop (i64.add (i64.const 100000000303) (i64.const 100000000304)))
161+
(drop (i64.add (i64.const 100000000305) (i64.const 100000000306)))
162+
(drop (i64.add (i64.const 100000000307) (i64.const 100000000308)))
163+
(drop (i64.add (i64.const 100000000309) (i64.const 100000000310)))
164+
(drop (i64.add (i64.const 100000000311) (i64.const 100000000312)))
165+
(drop (i64.add (i64.const 100000000313) (i64.const 100000000314)))
166+
(drop (i64.add (i64.const 100000000315) (i64.const 100000000316)))
167+
(drop (i64.add (i64.const 100000000317) (i64.const 100000000318)))
168+
(drop (i64.add (i64.const 100000000319) (i64.const 100000000320)))
169+
(drop (i64.add (i64.const 100000000321) (i64.const 100000000322)))
170+
(drop (i64.add (i64.const 100000000323) (i64.const 100000000324)))
171+
(drop (i64.add (i64.const 100000000325) (i64.const 100000000326)))
172+
(drop (i64.add (i64.const 100000000327) (i64.const 100000000328)))
173+
(drop (i64.add (i64.const 100000000329) (i64.const 100000000330)))
174+
(drop (i64.add (i64.const 100000000331) (i64.const 100000000332)))
175+
(drop (i64.add (i64.const 100000000333) (i64.const 100000000334)))
176+
(drop (i64.add (i64.const 100000000335) (i64.const 100000000336)))
177+
(drop (i64.add (i64.const 100000000337) (i64.const 100000000338)))
178+
(drop (i64.add (i64.const 100000000339) (i64.const 100000000340)))
179+
(drop (i64.add (i64.const 100000000341) (i64.const 100000000342)))
180+
(drop (i64.add (i64.const 100000000343) (i64.const 100000000344)))
181+
(drop (i64.add (i64.const 100000000345) (i64.const 100000000346)))
182+
(drop (i64.add (i64.const 100000000347) (i64.const 100000000348)))
183+
(drop (i64.add (i64.const 100000000349) (i64.const 100000000350)))
184+
(drop (i64.add (i64.const 100000000351) (i64.const 100000000352)))
185+
(drop (i64.add (i64.const 100000000353) (i64.const 100000000354)))
186+
(drop (i64.add (i64.const 100000000355) (i64.const 100000000356)))
187+
(drop (i64.add (i64.const 100000000357) (i64.const 100000000358)))
188+
(drop (i64.add (i64.const 100000000359) (i64.const 100000000360)))
189+
(drop (i64.add (i64.const 100000000361) (i64.const 100000000362)))
190+
(drop (i64.add (i64.const 100000000363) (i64.const 100000000364)))
191+
(drop (i64.add (i64.const 100000000365) (i64.const 100000000366)))
192+
(drop (i64.add (i64.const 100000000367) (i64.const 100000000368)))
193+
(drop (i64.add (i64.const 100000000369) (i64.const 100000000370)))
194+
(drop (i64.add (i64.const 100000000371) (i64.const 100000000372)))
195+
(drop (i64.add (i64.const 100000000373) (i64.const 100000000374)))
196+
(drop (i64.add (i64.const 100000000375) (i64.const 100000000376)))
197+
(drop (i64.add (i64.const 100000000377) (i64.const 100000000378)))
198+
(drop (i64.add (i64.const 100000000379) (i64.const 100000000380)))
199+
(drop (i64.add (i64.const 100000000381) (i64.const 100000000382)))
200+
(drop (i64.add (i64.const 100000000383) (i64.const 100000000384)))
201+
(drop (i64.add (i64.const 100000000385) (i64.const 100000000386)))
202+
(drop (i64.add (i64.const 100000000387) (i64.const 100000000388)))
203+
(drop (i64.add (i64.const 100000000389) (i64.const 100000000390)))
204+
(drop (i64.add (i64.const 100000000391) (i64.const 100000000392)))
205+
(drop (i64.add (i64.const 100000000393) (i64.const 100000000394)))
206+
(drop (i64.add (i64.const 100000000395) (i64.const 100000000396)))
207+
(drop (i64.add (i64.const 100000000397) (i64.const 100000000398)))
208+
(drop (i64.add (i64.const 100000000399) (i64.const 100000000400)))
209+
(drop (i64.add (i64.const 100000000401) (i64.const 100000000402)))
210+
(drop (i64.add (i64.const 100000000403) (i64.const 100000000404)))
211+
(drop (i64.add (i64.const 100000000405) (i64.const 100000000406)))
212+
(drop (i64.add (i64.const 100000000407) (i64.const 100000000408)))
213+
(drop (i64.add (i64.const 100000000409) (i64.const 100000000410)))
214+
(drop (i64.add (i64.const 100000000411) (i64.const 100000000412)))
215+
(drop (i64.add (i64.const 100000000413) (i64.const 100000000414)))
216+
(drop (i64.add (i64.const 100000000415) (i64.const 100000000416)))
217+
(drop (i64.add (i64.const 100000000417) (i64.const 100000000418)))
218+
(drop (i64.add (i64.const 100000000419) (i64.const 100000000420)))
219+
(drop (i64.add (i64.const 100000000421) (i64.const 100000000422)))
220+
(drop (i64.add (i64.const 100000000423) (i64.const 100000000424)))
221+
(drop (i64.add (i64.const 100000000425) (i64.const 100000000426)))
222+
(drop (i64.add (i64.const 100000000427) (i64.const 100000000428)))
223+
(drop (i64.add (i64.const 100000000429) (i64.const 100000000430)))
224+
(drop (i64.add (i64.const 100000000431) (i64.const 100000000432)))
225+
(drop (i64.add (i64.const 100000000433) (i64.const 100000000434)))
226+
(drop (i64.add (i64.const 100000000435) (i64.const 100000000436)))
227+
(drop (i64.add (i64.const 100000000437) (i64.const 100000000438)))
228+
(drop (i64.add (i64.const 100000000439) (i64.const 100000000440)))
229+
(drop (i64.add (i64.const 100000000441) (i64.const 100000000442)))
230+
(drop (i64.add (i64.const 100000000443) (i64.const 100000000444)))
231+
(drop (i64.add (i64.const 100000000445) (i64.const 100000000446)))
232+
(drop (i64.add (i64.const 100000000447) (i64.const 100000000448)))
233+
(drop (i64.add (i64.const 100000000449) (i64.const 100000000450)))
234+
(drop (i64.add (i64.const 100000000451) (i64.const 100000000452)))
235+
(drop (i64.add (i64.const 100000000453) (i64.const 100000000454)))
236+
(drop (i64.add (i64.const 100000000455) (i64.const 100000000456)))
237+
(drop (i64.add (i64.const 100000000457) (i64.const 100000000458)))
238+
(drop (i64.add (i64.const 100000000459) (i64.const 100000000460)))
239+
(drop (i64.add (i64.const 100000000461) (i64.const 100000000462)))
240+
(drop (i64.add (i64.const 100000000463) (i64.const 100000000464)))
241+
(drop (i64.add (i64.const 100000000465) (i64.const 100000000466)))
242+
(drop (i64.add (i64.const 100000000467) (i64.const 100000000468)))
243+
(drop (i64.add (i64.const 100000000469) (i64.const 100000000470)))
244+
(drop (i64.add (i64.const 100000000471) (i64.const 100000000472)))
245+
(drop (i64.add (i64.const 100000000473) (i64.const 100000000474)))
246+
(drop (i64.add (i64.const 100000000475) (i64.const 100000000476)))
247+
(drop (i64.add (i64.const 100000000477) (i64.const 100000000478)))
248+
(drop (i64.add (i64.const 100000000479) (i64.const 100000000480)))
249+
(drop (i64.add (i64.const 100000000481) (i64.const 100000000482)))
250+
(drop (i64.add (i64.const 100000000483) (i64.const 100000000484)))
251+
(drop (i64.add (i64.const 100000000485) (i64.const 100000000486)))
252+
(drop (i64.add (i64.const 100000000487) (i64.const 100000000488)))
253+
(drop (i64.add (i64.const 100000000489) (i64.const 100000000490)))
254+
(drop (i64.add (i64.const 100000000491) (i64.const 100000000492)))
255+
(drop (i64.add (i64.const 100000000493) (i64.const 100000000494)))
256+
(drop (i64.add (i64.const 100000000495) (i64.const 100000000496)))
257+
(drop (i64.add (i64.const 100000000497) (i64.const 100000000498)))
258+
(drop (i64.add (i64.const 100000000499) (i64.const 100000000500)))
259+
(local.get 0)
260+
)
261+
262+
;; Tiny caller: no locals, no constants. Does a return_call to $callee.
263+
;; This is the vulnerable site: tiny_caller's frame has const_cell_num=0
264+
;; but $callee has const_cell_num~=1000, so without the fix the fast
265+
;; interpreter writes the staged parameter ~4000 bytes past the end of
266+
;; tiny_caller's frame.
267+
(func $tiny_caller (result i32)
268+
(return_call $callee (i32.const 42))
269+
)
270+
271+
;; Builds up 1000 normal call frames then tail-calls through tiny_caller.
272+
(func $fill (param i32) (result i32)
273+
(if (result i32) (i32.gt_s (local.get 0) (i32.const 0))
274+
(then (call $fill (i32.sub (local.get 0) (i32.const 1))))
275+
(else (call $tiny_caller))
276+
)
277+
)
278+
279+
(func (export "test") (result i32)
280+
(call $fill (i32.const 1000))
281+
)
282+
)

0 commit comments

Comments
 (0)