From 0127eafbe56284836bc97aefcce1dd628545a107 Mon Sep 17 00:00:00 2001
From: Zhenwei Jin <109658203+kylo5aby@users.noreply.github.com>
Date: Mon, 30 Jun 2025 12:57:57 +0800
Subject: [PATCH] loader: fix a potential overflow issue (#4427)

---
 core/iwasm/interpreter/wasm_loader.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/core/iwasm/interpreter/wasm_loader.c b/core/iwasm/interpreter/wasm_loader.c
index 4bdd8bc7f..5dd9f0520 100644
--- a/core/iwasm/interpreter/wasm_loader.c
+++ b/core/iwasm/interpreter/wasm_loader.c
@@ -2042,9 +2042,9 @@ load_type_section(const uint8 *buf, const uint8 *buf_end, WASMModule *module,
                                       "recursive type count too large");
                         return false;
                     }
-                    module->type_count += rec_count - 1;
                     new_total_size =
-                        sizeof(WASMFuncType *) * (uint64)module->type_count;
+                        sizeof(WASMFuncType *)
+                        * (uint64)(module->type_count + rec_count - 1);
                     if (new_total_size > UINT32_MAX) {
                         set_error_buf(error_buf, error_buf_size,
                                       "allocate memory failed");
@@ -2052,6 +2052,7 @@ load_type_section(const uint8 *buf, const uint8 *buf_end, WASMModule *module,
                     }
                     MEM_REALLOC(module->types, (uint32)total_size,
                                 (uint32)new_total_size);
+                    module->type_count += rec_count - 1;
                     total_size = new_total_size;
                 }