fix(interpreter): prevent frame_offset underflow in wasm_loader

lum1n0us · lum1n0us · commit 4de6a445941d · 2025-04-02T11:48:54.000Z
diff --git a/core/iwasm/interpreter/wasm_loader.c b/core/iwasm/interpreter/wasm_loader.c
@@ -11227,6 +11227,7 @@ wasm_loader_prepare_bytecode(WASMModule *module, WASMFunction *func,
     bool disable_emit, preserve_local = false, if_condition_available = true;
     float32 f32_const;
     float64 f64_const;
+    bool pending_exception = false;
 
     LOG_OP("\nProcessing func | [%d] params | [%d] locals | [%d] return\n",
            func->param_cell_num, func->local_cell_num, func->ret_cell_num);
@@ -11577,6 +11578,16 @@ wasm_loader_prepare_bytecode(WASMModule *module, WASMFunction *func,
                         cell_num = wasm_value_type_cell_num(
                             wasm_type->types[wasm_type->param_count - i - 1]);
                         loader_ctx->frame_offset -= cell_num;
+
+                        if (loader_ctx->frame_offset
+                            < loader_ctx->frame_offset_bottom) {
+                            LOG_DEBUG(
+                                "frame_offset underflow, roll back and "
+                                "let following stack checker report it\n");
+                            loader_ctx->frame_offset += cell_num;
+                            pending_exception = true;
+                            break;
+                        }
 #endif
                     }
                 }
@@ -12099,6 +12110,15 @@ wasm_loader_prepare_bytecode(WASMModule *module, WASMFunction *func,
                     }
                 }
 
+#if WASM_ENABLE_FAST_INTERP != 0
+                if (pending_exception) {
+                    set_error_buf(
+                        error_buf, error_buf_size,
+                        "There is a pending exception needs to be handled");
+                    goto fail;
+                }
+#endif
+
                 break;
             }
 
