|
|
@@ -9720,6 +9720,16 @@ preserve_local_for_block(WASMLoaderContext *loader_ctx, uint8 opcode,
|
|
|
|
|
|
/* preserve locals before blocks to ensure that "tee/set_local" inside
|
|
|
blocks will not influence the value of these locals */
|
|
|
+ uint32 frame_offset_cell =
|
|
|
+ (uint32)(loader_ctx->frame_offset - loader_ctx->frame_offset_bottom);
|
|
|
+ uint32 frame_ref_cell =
|
|
|
+ (uint32)(loader_ctx->frame_ref - loader_ctx->frame_ref_bottom);
|
|
|
+ if (frame_offset_cell < loader_ctx->stack_cell_num
|
|
|
+ || frame_ref_cell < loader_ctx->stack_cell_num) {
|
|
|
+ set_error_buf(error_buf, error_buf_size, "stack cell num error");
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+
|
|
|
while (i < loader_ctx->stack_cell_num) {
|
|
|
int16 cur_offset = loader_ctx->frame_offset_bottom[i];
|
|
|
uint8 cur_type = loader_ctx->frame_ref_bottom[i];
|
|
|
@@ -12106,13 +12116,19 @@ re_scan:
|
|
|
}
|
|
|
#endif
|
|
|
|
|
|
+ uint8 *frame_ref_before_pop = loader_ctx->frame_ref;
|
|
|
POP_TYPE(
|
|
|
wasm_type->types[wasm_type->param_count - i - 1]);
|
|
|
#if WASM_ENABLE_FAST_INTERP != 0
|
|
|
/* decrease the frame_offset pointer accordingly to keep
|
|
|
- * consistent with frame_ref stack */
|
|
|
- cell_num = wasm_value_type_cell_num(
|
|
|
- wasm_type->types[wasm_type->param_count - i - 1]);
|
|
|
+ * consistent with frame_ref stack. Use the actual
|
|
|
+ * popped cell count instead of
|
|
|
+ * wasm_value_type_cell_num() because when the stack top
|
|
|
+ * is VALUE_TYPE_ANY, wasm_loader_pop_frame_ref always
|
|
|
+ * pops exactly 1 cell regardless of the expected type
|
|
|
+ */
|
|
|
+ cell_num = (uint32)(frame_ref_before_pop
|
|
|
+ - loader_ctx->frame_ref);
|
|
|
loader_ctx->frame_offset -= cell_num;
|
|
|
|
|
|
if (loader_ctx->frame_offset
|
Zhenwei Jin