From 8fe98f64c197a9c0c9f1d6a34e237b63e074554f Mon Sep 17 00:00:00 2001
From: TianlongLiang <111852609+TianlongLiang@users.noreply.github.com>
Date: Thu, 10 Apr 2025 12:00:23 +0800
Subject: [PATCH] Add import memory/table flag assert check for miniloader (#4179)
---
 core/iwasm/interpreter/wasm_mini_loader.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/core/iwasm/interpreter/wasm_mini_loader.c b/core/iwasm/interpreter/wasm_mini_loader.c
index ecda490df..af9ea5046 100644
--- a/core/iwasm/interpreter/wasm_mini_loader.c
+++ b/core/iwasm/interpreter/wasm_mini_loader.c
@@ -665,7 +665,7 @@ load_table_import(const uint8 **p_buf, const uint8 *buf_end,
 const char *table_name, WASMTableImport *table,
 char *error_buf, uint32 error_buf_size)
 {
- const uint8 *p = *p_buf, *p_end = buf_end;
+ const uint8 *p = *p_buf, *p_end = buf_end, *p_org;
 uint32 declare_elem_type = 0, table_flag = 0, declare_init_size = 0,
 declare_max_size = 0;
@@ -678,7 +678,12 @@ load_table_import(const uint8 **p_buf, const uint8 *buf_end,
 #endif
 );
+ /* the table flag can't exceed one byte, only check in debug build given
+ * the nature of mini-loader */
+ p_org = p;
 read_leb_uint32(p, p_end, table_flag);
+ bh_assert(p - p_org <= 1);
+ (void)p_org;
 if (!wasm_table_check_flags(table_flag, error_buf, error_buf_size, false)) {
 return false;
@@ -711,7 +716,7 @@ load_memory_import(const uint8 **p_buf, const uint8 *buf_end,
 const char *memory_name, WASMMemoryImport *memory,
 char *error_buf, uint32 error_buf_size)
 {
- const uint8 *p = *p_buf, *p_end = buf_end;
+ const uint8 *p = *p_buf, *p_end = buf_end, *p_org;
 #if WASM_ENABLE_APP_FRAMEWORK != 0
 uint32 pool_size = wasm_runtime_memory_pool_size();
 uint32 max_page_count = pool_size * APP_MEMORY_MAX_GLOBAL_HEAP_PERCENT
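Review bot: The one-byte limit on the table flag in load_table_import is enforced only by `bh_assert(p - p_org <= 1)`, so in a build where `bh_assert` is compiled out (which the added comment and the `(void)p_org;` line suggest) an over-long LEB128 encoding of the flag is still accepted and only the decoded value reaches `wasm_table_check_flags`. The comment says the check is debug-only but not what a release build then tolerates; I would spell that out, e.g. `/* release builds accept a multi-byte encoding here and validate only the decoded value; mini-loader input is assumed to be pre-validated */`, so the trust assumption is visible at the call site. If the mini-loader can ever be handed modules that were not validated beforehand, a runtime check that fails the load would be the safer form. The same applies to the `mem_flag` read in the load_memory_import hunk; load_table_import's body continues outside this hunk.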
@@ -724,7 +729,13 @@ load_memory_import(const uint8 **p_buf, const uint8 *buf_end,
 uint32 declare_init_page_count = 0;
 uint32 declare_max_page_count = 0;
+ /* the memory flag can't exceed one byte, only check in debug build given
+ * the nature of mini-loader */
+ p_org = p;
 read_leb_uint32(p, p_end, mem_flag);
+ bh_assert(p - p_org <= 1);
+ (void)p_org;
+
 if (!wasm_memory_check_flags(mem_flag, error_buf, error_buf_size, false)) {
 return false;
 }
@@ -815,6 +826,8 @@ load_table(const uint8 **p_buf, const uint8 *buf_end, WASMTable *table,
 #endif
 );
+ /* the table flag can't exceed one byte, only check in debug build given
+ * the nature of mini-loader */
 p_org = p;
 read_leb_uint32(p, p_end, table->table_type.flags);
 bh_assert(p - p_org <= 1);
@@ -854,6 +867,8 @@ load_memory(const uint8 **p_buf, const uint8 *buf_end, WASMMemory *memory,
 bool is_memory64 = false;
 #endif
+ /* the memory flag can't exceed one byte, only check in debug build given
+ * the nature of mini-loader */
 p_org = p;
 read_leb_uint32(p, p_end, memory->flags);
 bh_assert(p - p_org <= 1);
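Review bot: With the load_memory_import hunk the same save-pointer, read, assert and `(void)p_org;` sequence, plus its two-line comment, now appears four times in this file: in load_table_import, load_memory_import, and the existing copies in load_table and load_memory that the last two hunks only annotate. One helper macro would keep the four sites from drifting apart and would make the `*p_org` declarations added to the two import functions unnecessary. The sketch below assumes `read_leb_uint32` can be used inside a `do { } while (0)` wrapper, which is not visible from these hunks, and the macro name is only a suggestion. load_memory_import's body starts and ends outside the hunk.

```c
/* the flag can't exceed one byte; checked only by bh_assert */
#define read_leb_flag_one_byte(p, p_end, res)  \
    do {                                       \
        const uint8 *p_flag_org = (p);         \
        read_leb_uint32(p, p_end, res);        \
        bh_assert((p) - p_flag_org <= 1);      \
        (void)p_flag_org;                      \
    } while (0)

/* … unchanged: declarations in load_memory_import … */
read_leb_flag_one_byte(p, p_end, mem_flag);
```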