From 75bf9797a2b2eee8fd9894836e6c28791b278185 Mon Sep 17 00:00:00 2001
From: "liang.he" <liang.he@intel.com>
Date: Thu, 12 Jun 2025 15:01:42 +0800
Subject: [PATCH] Update type validation in load_table_import() and
 load_table() (#4296)

Prevent from value type.

https://webassembly.github.io/spec/core/valid/types.html#table-types
https://webassembly.github.io/gc/core/syntax/types.html#reference-types
---
 core/iwasm/interpreter/wasm_loader.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/core/iwasm/interpreter/wasm_loader.c b/core/iwasm/interpreter/wasm_loader.c
index cb0414665..fe045c6ea 100644
--- a/core/iwasm/interpreter/wasm_loader.c
+++ b/core/iwasm/interpreter/wasm_loader.c
@@ -2588,7 +2588,8 @@ load_table_import(const uint8 **p_buf, const uint8 *buf_end,
                             error_buf_size)) {
         return false;
     }
-    if (wasm_is_reftype_htref_non_nullable(ref_type.ref_type)) {
+    if (!wasm_is_type_reftype(ref_type.ref_type)
+        || wasm_is_reftype_htref_non_nullable(ref_type.ref_type)) {
         set_error_buf(error_buf, error_buf_size, "type mismatch");
         return false;
     }
@@ -3114,6 +3115,15 @@ load_table(const uint8 **p_buf, const uint8 *buf_end, WASMModule *module,
                             error_buf_size)) {
         return false;
     }
+    /*
+     * TODO: add this validator
+     *   `wasm_is_reftype_htref_non_nullable(ref_type.ref_type)`
+     * after sync up with the latest GC spec
+     */
+    if (!wasm_is_type_reftype(ref_type.ref_type)) {
+        set_error_buf(error_buf, error_buf_size, "type mismatch");
+        return false;
+    }
     table->table_type.elem_type = ref_type.ref_type;
     if (need_ref_type_map) {
         if (!(table->table_type.elem_ref_type =