Merge branch 'main' into fix/overflow

Septa2112 · Septa2112 · commit 66cd7f6c67cc · 2025-06-17T11:19:28.000+08:00
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -53,7 +53,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3.28.19
+      uses: github/codeql-action/init@v3.29.0
       with:
         languages: ${{ matrix.language }}
 
@@ -70,7 +70,7 @@ jobs:
     - run: |
         ./.github/scripts/codeql_buildscript.sh
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3.28.19
+      uses: github/codeql-action/analyze@v3.29.0
       with:
         category: "/language:${{matrix.language}}"
         upload: false
@@ -99,7 +99,7 @@ jobs:
         output: ${{ steps.step1.outputs.sarif-output }}/cpp.sarif
 
     - name: Upload CodeQL results to code scanning
-      uses: github/codeql-action/upload-sarif@v3.28.19
+      uses: github/codeql-action/upload-sarif@v3.29.0
       with:
         sarif_file: ${{ steps.step1.outputs.sarif-output }}
         category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/supply_chain.yml b/.github/workflows/supply_chain.yml
@@ -60,6 +60,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@b1e4dc3db58c9601794e22a9f6d28d45461b9dbf 
+        uses: github/codeql-action/upload-sarif@2847b7f7ab9f48fc49eca90a53fff6007285f399 
         with:
           sarif_file: results.sarif
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
@@ -497,7 +497,7 @@
 - wasm loader: Fix handling if block without op else (#3404)
 - ref-types: Correct default value for function local variables (#3397)
 - aot compiler: Fix the length type passed to aot_memmove/aot_memset (#3378)
-- Fix loader and mini-loader select potiential error (#3374)
+- Fix loader and mini-loader select potential error (#3374)
 - Fix aot debugger compilation error on windows (#3370)
 - A few native stack detection fixes for macOS/arm64 (#3368)
 - Fix ESP32-S3 compiling error (#3359)
diff --git a/core/iwasm/aot/aot_loader.c b/core/iwasm/aot/aot_loader.c
@@ -1309,6 +1309,13 @@ load_init_expr(const uint8 **p_buf, const uint8 *buf_end, AOTModule *module,
             read_uint32(buf, buf_end, type_idx);
             read_uint32(buf, buf_end, length);
 
+            if (type_idx >= module->type_count
+                || !wasm_type_is_array_type(module->types[type_idx])) {
+                set_error_buf(error_buf, error_buf_size,
+                              "invalid or non-array type index.");
+                goto fail;
+            }
+
             if (init_expr_type == INIT_EXPR_TYPE_ARRAY_NEW_DEFAULT) {
                 expr->u.array_new_default.type_index = type_idx;
                 expr->u.array_new_default.length = length;
diff --git a/core/iwasm/common/gc/gc_type.c b/core/iwasm/common/gc/gc_type.c
@@ -1145,7 +1145,7 @@ wasm_reftype_is_subtype_of(uint8 type1, const WASMRefType *ref_type1,
                 return true;
             else {
                 int32 heap_type = ref_type1->ref_ht_common.heap_type;
-                // We dont care whether type2 is nullable or not. So
+                // We don't care whether type2 is nullable or not. So
                 // we normalize it into its related one-byte type.
                 if (type2 == REF_TYPE_HT_NULLABLE
                     || type2 == REF_TYPE_HT_NON_NULLABLE) {
diff --git a/core/iwasm/interpreter/wasm_loader.c b/core/iwasm/interpreter/wasm_loader.c
@@ -3728,7 +3728,7 @@ load_function_section(const uint8 *buf, const uint8 *buf_end,
              * we shall make a copy of code body [p_code, p_code + code_size]
              * when we are worrying about inappropriate releasing behaviour.
              * all code bodies are actually in a buffer which user allocates in
-             * his embedding environment and we don't have power on them.
+             * their embedding environment and we don't have power over them.
              * it will be like:
              * code_body_cp = malloc(code_size);
              * memcpy(code_body_cp, p_code, code_size);
diff --git a/core/iwasm/interpreter/wasm_mini_loader.c b/core/iwasm/interpreter/wasm_mini_loader.c
@@ -1226,7 +1226,7 @@ load_function_section(const uint8 *buf, const uint8 *buf_end,
              * we shall make a copy of code body [p_code, p_code + code_size]
              * when we are worrying about inappropriate releasing behaviour.
              * all code bodies are actually in a buffer which user allocates in
-             * his embedding environment and we don't have power on them.
+             * their embedding environment and we don't have power over them.
              * it will be like:
              * code_body_cp = malloc(code_size);
              * memcpy(code_body_cp, p_code, code_size);
diff --git a/core/iwasm/libraries/debug-engine/debug_engine.c b/core/iwasm/libraries/debug-engine/debug_engine.c
@@ -743,7 +743,7 @@ wasm_debug_instance_get_obj_mem(WASMDebugInstance *instance, uint64 offset,
     module_inst = (WASMModuleInstance *)exec_env->module_inst;
 
     if (offset + *size > module_inst->module->load_size) {
-        LOG_VERBOSE("wasm_debug_instance_get_data_mem size over flow!\n");
+        LOG_VERBOSE("wasm_debug_instance_get_data_mem size overflow!\n");
         *size = module_inst->module->load_size >= offset
                     ? module_inst->module->load_size - offset
                     : 0;
@@ -797,7 +797,7 @@ wasm_debug_instance_get_linear_mem(WASMDebugInstance *instance, uint64 offset,
         num_bytes_per_page = memory->num_bytes_per_page;
         linear_mem_size = num_bytes_per_page * memory->cur_page_count;
         if (offset + *size > linear_mem_size) {
-            LOG_VERBOSE("wasm_debug_instance_get_linear_mem size over flow!\n");
+            LOG_VERBOSE("wasm_debug_instance_get_linear_mem size overflow!\n");
             *size = linear_mem_size >= offset ? linear_mem_size - offset : 0;
         }
         bh_memcpy_s(buf, (uint32)*size, memory->memory_data + offset,
@@ -830,7 +830,7 @@ wasm_debug_instance_set_linear_mem(WASMDebugInstance *instance, uint64 offset,
         num_bytes_per_page = memory->num_bytes_per_page;
         linear_mem_size = num_bytes_per_page * memory->cur_page_count;
         if (offset + *size > linear_mem_size) {
-            LOG_VERBOSE("wasm_debug_instance_get_linear_mem size over flow!\n");
+            LOG_VERBOSE("wasm_debug_instance_get_linear_mem size overflow!\n");
             *size = linear_mem_size >= offset ? linear_mem_size - offset : 0;
         }
         bh_memcpy_s(memory->memory_data + offset, (uint32)*size, buf,
diff --git a/core/iwasm/libraries/wasi-nn/src/wasi_nn.c b/core/iwasm/libraries/wasi-nn/src/wasi_nn.c
@@ -397,6 +397,43 @@ detect_and_load_backend(graph_encoding backend_hint,
     return ret;
 }
 
+static wasi_nn_error
+ensure_backend(wasm_module_inst_t instance, graph_encoding encoding,
+               WASINNContext **wasi_nn_ctx_ptr)
+{
+    wasi_nn_error res;
+
+    graph_encoding loaded_backend = autodetect;
+    if (!detect_and_load_backend(encoding, &loaded_backend)) {
+        res = invalid_encoding;
+        NN_ERR_PRINTF("load backend failed");
+        goto fail;
+    }
+
+    WASINNContext *wasi_nn_ctx = wasm_runtime_get_wasi_nn_ctx(instance);
+    if (wasi_nn_ctx->is_backend_ctx_initialized) {
+        if (wasi_nn_ctx->backend != loaded_backend) {
+            res = unsupported_operation;
+            goto fail;
+        }
+    }
+    else {
+        wasi_nn_ctx->backend = loaded_backend;
+
+        /* init() the backend */
+        call_wasi_nn_func(wasi_nn_ctx->backend, init, res,
+                          &wasi_nn_ctx->backend_ctx);
+        if (res != success)
+            goto fail;
+
+        wasi_nn_ctx->is_backend_ctx_initialized = true;
+    }
+    *wasi_nn_ctx_ptr = wasi_nn_ctx;
+    return success;
+fail:
+    return res;
+}
+
 /* WASI-NN implementation */
 
 #if WASM_ENABLE_WASI_EPHEMERAL_NN != 0
@@ -410,14 +447,15 @@ wasi_nn_load(wasm_exec_env_t exec_env, graph_builder_array_wasm *builder,
              graph_encoding encoding, execution_target target, graph *g)
 #endif /* WASM_ENABLE_WASI_EPHEMERAL_NN != 0 */
 {
+    wasi_nn_error res;
+
     NN_DBG_PRINTF("[WASI NN] LOAD [encoding=%d, target=%d]...", encoding,
                   target);
 
     wasm_module_inst_t instance = wasm_runtime_get_module_inst(exec_env);
     if (!instance)
         return runtime_error;
 
-    wasi_nn_error res;
     graph_builder_array builder_native = { 0 };
 #if WASM_ENABLE_WASI_EPHEMERAL_NN != 0
     if (success
@@ -438,19 +476,8 @@ wasi_nn_load(wasm_exec_env_t exec_env, graph_builder_array_wasm *builder,
         goto fail;
     }
 
-    graph_encoding loaded_backend = autodetect;
-    if (!detect_and_load_backend(encoding, &loaded_backend)) {
-        res = invalid_encoding;
-        NN_ERR_PRINTF("load backend failed");
-        goto fail;
-    }
-
-    WASINNContext *wasi_nn_ctx = wasm_runtime_get_wasi_nn_ctx(instance);
-    wasi_nn_ctx->backend = loaded_backend;
-
-    /* init() the backend */
-    call_wasi_nn_func(wasi_nn_ctx->backend, init, res,
-                      &wasi_nn_ctx->backend_ctx);
+    WASINNContext *wasi_nn_ctx;
+    res = ensure_backend(instance, encoding, &wasi_nn_ctx);
     if (res != success)
         goto fail;
 
@@ -473,6 +500,8 @@ wasi_nn_error
 wasi_nn_load_by_name(wasm_exec_env_t exec_env, char *name, uint32_t name_len,
                      graph *g)
 {
+    wasi_nn_error res;
+
     wasm_module_inst_t instance = wasm_runtime_get_module_inst(exec_env);
     if (!instance) {
         return runtime_error;
@@ -496,19 +525,8 @@ wasi_nn_load_by_name(wasm_exec_env_t exec_env, char *name, uint32_t name_len,
 
     NN_DBG_PRINTF("[WASI NN] LOAD_BY_NAME %s...", name);
 
-    graph_encoding loaded_backend = autodetect;
-    if (!detect_and_load_backend(autodetect, &loaded_backend)) {
-        NN_ERR_PRINTF("load backend failed");
-        return invalid_encoding;
-    }
-
-    WASINNContext *wasi_nn_ctx = wasm_runtime_get_wasi_nn_ctx(instance);
-    wasi_nn_ctx->backend = loaded_backend;
-
-    wasi_nn_error res;
-    /* init() the backend */
-    call_wasi_nn_func(wasi_nn_ctx->backend, init, res,
-                      &wasi_nn_ctx->backend_ctx);
+    WASINNContext *wasi_nn_ctx;
+    res = ensure_backend(instance, autodetect, &wasi_nn_ctx);
     if (res != success)
         return res;
 
@@ -526,6 +544,8 @@ wasi_nn_load_by_name_with_config(wasm_exec_env_t exec_env, char *name,
                                  int32_t name_len, char *config,
                                  int32_t config_len, graph *g)
 {
+    wasi_nn_error res;
+
     wasm_module_inst_t instance = wasm_runtime_get_module_inst(exec_env);
     if (!instance) {
         return runtime_error;
@@ -554,19 +574,8 @@ wasi_nn_load_by_name_with_config(wasm_exec_env_t exec_env, char *name,
 
     NN_DBG_PRINTF("[WASI NN] LOAD_BY_NAME_WITH_CONFIG %s %s...", name, config);
 
-    graph_encoding loaded_backend = autodetect;
-    if (!detect_and_load_backend(autodetect, &loaded_backend)) {
-        NN_ERR_PRINTF("load backend failed");
-        return invalid_encoding;
-    }
-
-    WASINNContext *wasi_nn_ctx = wasm_runtime_get_wasi_nn_ctx(instance);
-    wasi_nn_ctx->backend = loaded_backend;
-
-    wasi_nn_error res;
-    /* init() the backend */
-    call_wasi_nn_func(wasi_nn_ctx->backend, init, res,
-                      &wasi_nn_ctx->backend_ctx);
+    WASINNContext *wasi_nn_ctx;
+    res = ensure_backend(instance, autodetect, &wasi_nn_ctx);
     if (res != success)
         return res;
 
diff --git a/core/iwasm/libraries/wasi-nn/src/wasi_nn_openvino.c b/core/iwasm/libraries/wasi-nn/src/wasi_nn_openvino.c
@@ -225,12 +225,6 @@ load(void *ctx, graph_builder_array *builder, graph_encoding encoding,
     graph_builder xml = builder->buf[0];
     graph_builder weight = builder->buf[1];
 
-    /* if xml is a String with a model in IR */
-    if (!(xml.buf[xml.size] == '\0' && xml.buf[xml.size - 1] != '\0')) {
-        NN_ERR_PRINTF("Invalid xml string.");
-        return invalid_argument;
-    }
-
     /* transfer weight to an ov tensor */
     {
         ov_ctx->weight_data = os_malloc(weight.size);
diff --git a/core/iwasm/libraries/wasi-nn/src/wasi_nn_private.h b/core/iwasm/libraries/wasi-nn/src/wasi_nn_private.h
@@ -10,6 +10,7 @@
 #include "wasm_export.h"
 
 typedef struct {
+    bool is_backend_ctx_initialized;
     bool is_model_loaded;
     graph_encoding backend;
     void *backend_ctx;
diff --git a/core/shared/platform/esp-idf/espidf_platform.c b/core/shared/platform/esp-idf/espidf_platform.c
@@ -201,10 +201,20 @@ openat(int fd, const char *pathname, int flags, ...)
     int ret;
     char dir_path[DIR_PATH_LEN];
     char *full_path;
+    mode_t mode = 0;
+    bool has_mode = false;
+
+    if (flags & O_CREAT) {
+        va_list ap;
+        va_start(ap, flags);
+        mode = (mode_t)va_arg(ap, int);
+        va_end(ap);
+        has_mode = true;
+    }
 
     ret = fcntl(fd, F_GETPATH, dir_path);
     if (ret != 0) {
-        errno = -EINVAL;
+        errno = EINVAL;
         return -1;
     }
 
@@ -214,7 +224,7 @@ openat(int fd, const char *pathname, int flags, ...)
         return -1;
     }
 
-    new_fd = open(full_path, flags);
+    new_fd = has_mode ? open(full_path, flags, mode) : open(full_path, flags);
     free(full_path);
 
     return new_fd;
diff --git a/language-bindings/python/wamr-api/README.md b/language-bindings/python/wamr-api/README.md
@@ -6,7 +6,7 @@
 
 ### Pre-requisites
 #### Install requirements
-Before proceeding it is necessary to make sure your Python environment is correctly configured. To do ths open a terminal session in this directory and perfom the following:
+Before proceeding it is necessary to make sure your Python environment is correctly configured. To do this open a terminal session in this directory and perform the following:
 
 
 ```shell
diff --git a/language-bindings/python/wasm-c-api/docs/design.md b/language-bindings/python/wasm-c-api/docs/design.md
@@ -353,12 +353,12 @@ writable and needs to be copied into a ctype array.
 
 #### variable arguments
 
-A function with _variable arugments_ makes it hard to specify the required
+A function with _variable arguments_ makes it hard to specify the required
 argument types for the function prototype. It leaves us one way to call it
 directly without any arguments type checking.
 
 ```python
-libc.printf(b"Hello, an int %d, a float %f, a string %s\n", c_int(1), c_doulbe(3.14), "World!")
+libc.printf(b"Hello, an int %d, a float %f, a string %s\n", c_int(1), c_double(3.14), "World!")
 ```
 
 #### Use `c_bool` to represent `wasm_mutability_t `
@@ -373,7 +373,7 @@ libc.printf(b"Hello, an int %d, a float %f, a string %s\n", c_int(1), c_doulbe(3
 
 ### bindgen.py
 
-`bindge.py` is a tool to create WAMR python binding automatically. `binding.py`
+`bindgen.py` is a tool to create WAMR python binding automatically. `binding.py`
 is generated. We should avoid modification on it. Additional helpers should go
 to `ffi.py`.
 
diff --git a/product-mini/platforms/linux-sgx/enclave-sample/App/pal_api.h b/product-mini/platforms/linux-sgx/enclave-sample/App/pal_api.h
@@ -79,7 +79,7 @@ struct wamr_pal_create_process_args {
     // Untrusted environment variable array pass to new process.
     //
     // The untrusted env vars to the command. And the last element of the array
-    // must be NULL to indicate the length of array.
+    // must be NULL to indicate the end of the array.
     //
     // Optional field.
     const char **env;
diff --git a/tests/unit/memory64/memory64_atomic_test.cc b/tests/unit/memory64/memory64_atomic_test.cc
@@ -60,7 +60,7 @@ class memory64_atomic_test_suite : public testing::TestWithParam<RunningMode>
         return false;
     }
 
-    void destory_exec_env()
+    void destroy_exec_env()
     {
         wasm_runtime_destroy_exec_env(exec_env);
         wasm_runtime_deinstantiate(module_inst);
@@ -109,7 +109,7 @@ class memory64_atomic_test_suite : public testing::TestWithParam<RunningMode>
     virtual void TearDown()
     {
         if (cleanup) {
-            destory_exec_env();
+            destroy_exec_env();
             wasm_runtime_destroy();
             cleanup = false;
         }
@@ -339,8 +339,8 @@ TEST_P(memory64_atomic_test_suite, atomic_opcodes_i64_rmw_cmpxchg)
     PUT_I64_TO_ADDR(wasm_argv + 2, 0x100F0E0D0C0B0A09);
     // new
     PUT_I64_TO_ADDR(wasm_argv + 4, 0xdeadcafebeefdead);
-    ASSERT_TRUE(wasm_runtime_call_wasm(exec_env, func_map["i64_atomic_rmw_cmpxchg"],
-                                       6, wasm_argv));
+    ASSERT_TRUE(wasm_runtime_call_wasm(
+        exec_env, func_map["i64_atomic_rmw_cmpxchg"], 6, wasm_argv));
     i64 = 0x100F0E0D0C0B0A09;
     ASSERT_EQ(i64, GET_U64_FROM_ADDR(wasm_argv));
 
