Skip to content

improve logic of heap_type validation when ref.null #4372

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
lum1n0us merged 12 commits into from
Jul 10, 2025
Merged

improve logic of heap_type validation when ref.null #4372

Changes from 9 commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
fd5cfe4
Follow-up to PR #4300: prevent potential overflow
Septa2112 Jun 17, 2025
66cd7f6
Merge branch 'main' into fix/overflow
Septa2112 Jun 17, 2025
d0aac00
improve error message
Septa2112 Jun 17, 2025
58aae86
Refine heap_type validation and corresponding type1 calculation
Septa2112 Jun 17, 2025
038e2fc
Removed some redundant logic
Septa2112 Jun 18, 2025
0020653
Merged the if-else conditions
Septa2112 Jun 20, 2025
17ac8c1
improve logic and comments
Septa2112 Jun 25, 2025
f297e08
revert changes, read heap_type by p_copy
Septa2112 Jun 27, 2025
54bed47
add comments
Septa2112 Jun 27, 2025
5c7a469
revert code and add comments
Septa2112 Jul 2, 2025
1737c54
Merge branch 'main' into fix/overflow
Septa2112 Jul 9, 2025
4055c1f
merge
Septa2112 Jul 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 25 additions & 8 deletions core/iwasm/interpreter/wasm_loader.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -830,32 +830,49 @@ load_init_expr(WASMModule *module, const uint8 **p_buf, const uint8 *buf_end,
case INIT_EXPR_TYPE_REFNULL_CONST:
{
uint8 type1;

#if WASM_ENABLE_GC == 0
#if WASM_ENABLE_GC != 0
const uint8 *p_copy = p;
int32 heap_type;
read_leb_int32(p_copy, p_end, heap_type);
#endif
Comment thread
Septa2112 marked this conversation as resolved.
Outdated
Comment thread
Septa2112 marked this conversation as resolved.
Outdated
CHECK_BUF(p, p_end, 1);
type1 = read_uint8(p);

#if WASM_ENABLE_GC == 0
Comment thread
Septa2112 marked this conversation as resolved.
Outdated
cur_value.ref_index = NULL_REF;
if (!push_const_expr_stack(&const_expr_ctx, flag, type1,
&cur_value, error_buf,
error_buf_size))
goto fail;
#else
int32 heap_type;
read_leb_int32(p, p_end, heap_type);
type1 = (uint8)((int32)0x80 + heap_type);

cur_value.gc_obj = NULL_REF;

/*
* According to the current GC SPEC rules, the heap_type must be
* validated when ref.null is used. It can be an absheaptype,
* or the type C.types[typeidx] must be defined in the context.
*/
if (heap_type >= 0) {
if (!check_type_index(module, module->type_count, heap_type,
error_buf, error_buf_size)) {
goto fail;
}
}
else {
if (!wasm_is_valid_heap_type(heap_type)) {
Comment thread
Septa2112 marked this conversation as resolved.
set_error_buf_v(error_buf, error_buf_size,
"unknown type %d", heap_type);
goto fail;
}
}
Comment thread
Septa2112 marked this conversation as resolved.
Outdated
Comment thread
Septa2112 marked this conversation as resolved.
Outdated

Comment thread
Septa2112 marked this conversation as resolved.
Outdated
if (!is_byte_a_type(type1)
|| !wasm_is_valid_heap_type(heap_type)
|| wasm_is_type_multi_byte_type(type1)) {
p--;
read_leb_uint32(p, p_end, type_idx);
if (!check_type_index(module, module->type_count, type_idx,
error_buf, error_buf_size))
goto fail;

wasm_set_refheaptype_typeidx(&cur_ref_type.ref_ht_typeidx,
true, type_idx);
if (!push_const_expr_stack(&const_expr_ctx, flag,
Expand Down
Loading