EH: Fix validation of delegate opcode (#3107)

cf. https://github.com/bytecodealliance/wasm-micro-runtime/issues/1884#issuecomment-1914000294
2025-02-06 06:55:07 +00:00 · 2024-02-01 13:32:06 +09:00 · 2024-02-01 13:32:06 +09:00 · edc3643909
commit edc3643909
parent 40e51faca8
1 changed files with 35 additions and 7 deletions
--- a/core/iwasm/interpreter/wasm_loader.c
+++ b/core/iwasm/interpreter/wasm_loader.c
@ -7128,6 +7128,40 @@ fail:
    return NULL;
 }

+#if WASM_ENABLE_EXCE_HANDLING != 0
+static BranchBlock *
+check_branch_block_for_delegate(WASMLoaderContext *loader_ctx, uint8 **p_buf,
+                                uint8 *buf_end, char *error_buf,
+                                uint32 error_buf_size)
+{
+    uint8 *p = *p_buf, *p_end = buf_end;
+    BranchBlock *frame_csp_tmp;
+    uint32 depth;
+
+    read_leb_uint32(p, p_end, depth);
+    /*
+     * Note: "delegate 0" means the surrounding block, not the
+     * try-delegate block itself.
+     *
+     * Note: the caller hasn't popped the try-delegate frame yet.
+     */
+    bh_assert(loader_ctx->csp_num > 0);
+    if (loader_ctx->csp_num - 1 <= depth) {
+        set_error_buf(error_buf, error_buf_size, "unknown delegate label");
+        goto fail;
+    }
+    frame_csp_tmp = loader_ctx->frame_csp - depth - 2;
+#if WASM_ENABLE_FAST_INTERP != 0
+    emit_br_info(frame_csp_tmp);
+#endif
+
+    *p_buf = p;
+    return frame_csp_tmp;
+fail:
+    return NULL;
+}
+#endif
+
 static bool
 check_block_stack(WASMLoaderContext *loader_ctx, BranchBlock *block,
                  char *error_buf, uint32 error_buf_size)
@ -7832,16 +7866,10 @@ re_scan:
            case WASM_OP_DELEGATE:
            {
                /* check  target block is valid */
-                if (!(frame_csp_tmp = check_branch_block(
+                if (!(frame_csp_tmp = check_branch_block_for_delegate(
                          loader_ctx, &p, p_end, error_buf, error_buf_size)))
                    goto fail;

-                /* valid types */
-                if (LABEL_TYPE_TRY != frame_csp_tmp->label_type) {
-                    snprintf(error_buf, error_buf_size, "unknown label");
-                    goto fail;
-                }
-
                BranchBlock *cur_block = loader_ctx->frame_csp - 1;
                uint8 label_type = cur_block->label_type;