Verify alignment of returned component-model strings (#12897)

* Verify alignment of returned component-model strings

The lifting code erroneously forgot to check for this. There's no actual
consequence to this in Wasmtime per-se, but it's required in the
component model spec to trap, so a trap is added here.

* Fix tests

* Optimize alignment check

* Fix build

Author: alexcrichton

crates/environ/src/component/info.rs

@@ -660,6 +660,15 @@ impl FixedEncoding {
             FixedEncoding::Latin1 => 1,
         }
     }
+
+    /// Returns the alignment of strings using this encoding.
+    pub fn align(&self) -> u8 {
+        match self {
+            FixedEncoding::Utf8 => 1,
+            FixedEncoding::Utf16 => 2,
+            FixedEncoding::Latin1 => 2,
+        }
+    }
 }
 
 /// Description of a new resource declared in a `GlobalInitializer::Resource`

crates/environ/src/fact/trampoline.rs

@@ -1817,7 +1817,7 @@ impl<'a, 'b> Compiler<'a, 'b> {
             let dst_mem = self.malloc(
                 dst_opts,
                 MallocSize::Local(dst_byte_len.idx),
-                dst_enc.width().into(),
+                dst_enc.align().into(),
             );
             WasmString {
                 ptr: dst_mem.addr,

crates/wasmtime/src/runtime/component/func/typed.rs

@@ -1680,17 +1680,21 @@ pub struct WasmStr {
 
 impl WasmStr {
     pub(crate) fn new(ptr: usize, len: usize, cx: &mut LiftContext<'_>) -> Result<WasmStr> {
-        let byte_len = match cx.options().string_encoding {
-            StringEncoding::Utf8 => Some(len),
-            StringEncoding::Utf16 => len.checked_mul(2),
+        let (byte_len, align) = match cx.options().string_encoding {
+            StringEncoding::Utf8 => (Some(len), 1_usize),
+            StringEncoding::Utf16 => (len.checked_mul(2), 2),
             StringEncoding::CompactUtf16 => {
                 if len & UTF16_TAG == 0 {
-                    Some(len)
+                    (Some(len), 2)
                 } else {
-                    (len ^ UTF16_TAG).checked_mul(2)
+                    ((len ^ UTF16_TAG).checked_mul(2), 2)
                 }
             }
         };
+        debug_assert!(align.is_power_of_two());
+        if ptr & (align - 1) != 0 {
+            bail!("string pointer not aligned to {align}");
+        }
         match byte_len.and_then(|len| ptr.checked_add(len)) {
             Some(n) if n <= cx.memory().len() => cx.consume_fuel(n - ptr)?,
             _ => bail!("string pointer/length out of bounds of memory"),

tests/misc_testsuite/component-model/strings.wast

@@ -0,0 +1,21 @@
+;; Returning an unaligned utf16 string is invalid
+(component definition $A
+  (core module $m
+    (memory (export "m") 1)
+    (func (export "f") (result i32)
+      (i32.store (i32.const 4) (i32.const 1))
+      (i32.store (i32.const 8) (i32.const 0))
+      i32.const 4
+    )
+  )
+  (core instance $m (instantiate $m))
+  (func (export "f1") (result string)
+    (canon lift (core func $m "f") (memory $m "m") string-encoding=utf16))
+  (func (export "f2") (result string)
+    (canon lift (core func $m "f") (memory $m "m") string-encoding=latin1+utf16))
+
+)
+(component instance $A $A)
+(assert_trap (invoke "f1") "string pointer not aligned to 2")
+(component instance $A $A)
+(assert_trap (invoke "f2") "string pointer not aligned to 2")