mirror of
https://github.com/bytecodealliance/wasm-micro-runtime.git
synced 2026-04-18 18:18:44 +00:00
5664589daa
* fix: clear exec_env_tls when destroying exec_env When an exec_env is destroyed, check if it matches the current thread's exec_env_tls and clear it to avoid dangling pointer issues. Without this fix, in daemon-style execution where the same thread runs multiple WASM modules sequentially (like Cloudflare Workers), the exec_env_tls can point to freed memory after an exec_env is destroyed, causing crashes on subsequent executions when the signal handler tries to access it. This is critical for AOT mode with hardware bounds checking enabled, where signal handlers rely on exec_env_tls to handle SIGSEGV properly. * test(exec_env): add reproducer for exec_env_tls dangling pointer bug Add test case that reproduces the bug where exec_env_tls is not cleared on early return paths in invoke_native_with_hw_bound_check. The test triggers native stack overflow check failure, which causes wasm_runtime_call_wasm to return early after setting exec_env_tls but without clearing it. This leaves exec_env_tls pointing to a destroyed exec_env, causing subsequent calls to fail with "invalid exec env". Test confirms the fix in wasm_exec_env_destroy correctly clears exec_env_tls when destroying the exec_env it points to. * fix(runtime): clear exec_env_tls on early return from stack overflow check Move the fix to clear exec_env_tls at the source - in the early return path of invoke_native_with_hw_bound_check when native stack overflow check fails. |
||
|---|---|---|
| .. | ||
| arch | ||
| debug | ||
| aot_intrinsic.c | ||
| aot_intrinsic.h | ||
| aot_loader.c | ||
| aot_perf_map.c | ||
| aot_perf_map.h | ||
| aot_reloc.h | ||
| aot_runtime.c | ||
| aot_runtime.h | ||
| aot_validator.c | ||
| aot_validator.h | ||
| iwasm_aot.cmake | ||
| SConscript | ||