From 928598f1ce9157360e30ebe9522d04e82266453e Mon Sep 17 00:00:00 2001 From: Liu Jia Date: Thu, 12 Jun 2025 09:31:17 +0800 Subject: [PATCH] add heap-type check for GC when ref.null (#4300) - According to [Link 1](https://webassembly.github.io/gc/core/valid/instructions.html#xref-syntax-instructions-syntax-instr-ref-mathsf-ref-null-mathit-ht), we must ensure that the heap type is valid when ref.null. - According to [Link 2](https://webassembly.github.io/gc/core/valid/types.html#heap-types), a heap type is considered valid if it is either a concrete heap type or an abstract heap type. However, in this function, the check for abstract heap types (absheaptype) was clearly missing, so this condition needs to be added explicitly in the if statement. - When GC is disabled, no change is needed. - When GC is enabled, heap types in WAMR are LEB-encoded values ([Link 3](https://webassembly.github.io/gc/core/appendix/index-types.html)). Therefore, we must use read_leb_int32 to parse the heap type correctly. And we can compute the original type1 using type1 = (uint8)((int32)0x80 + heap_type);. --- core/iwasm/interpreter/wasm_loader.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/core/iwasm/interpreter/wasm_loader.c b/core/iwasm/interpreter/wasm_loader.c index 6317badc5..cb0414665 100644 --- a/core/iwasm/interpreter/wasm_loader.c +++ b/core/iwasm/interpreter/wasm_loader.c @@ -831,19 +831,24 @@ load_init_expr(WASMModule *module, const uint8 **p_buf, const uint8 *buf_end, { uint8 type1; +#if WASM_ENABLE_GC == 0 CHECK_BUF(p, p_end, 1); type1 = read_uint8(p); -#if WASM_ENABLE_GC == 0 cur_value.ref_index = NULL_REF; if (!push_const_expr_stack(&const_expr_ctx, flag, type1, &cur_value, error_buf, error_buf_size)) goto fail; #else + int32 heap_type; + read_leb_int32(p, p_end, heap_type); + type1 = (uint8)((int32)0x80 + heap_type); + cur_value.gc_obj = NULL_REF; if (!is_byte_a_type(type1) + || !wasm_is_valid_heap_type(heap_type) || wasm_is_type_multi_byte_type(type1)) { p--; read_leb_uint32(p, p_end, type_idx);