Add overflow check for preserved local offset in preserve_referenced_local (#4211)

core/iwasm/interpreter/wasm_loader.c

@@ -9197,6 +9197,15 @@ preserve_referenced_local(WASMLoaderContext *loader_ctx, uint8 opcode,
                         loader_ctx->preserved_local_offset += 2;
                     emit_label(EXT_OP_COPY_STACK_TOP_I64);
                 }
+
+                /* overflow */
+                if (preserved_offset > loader_ctx->preserved_local_offset) {
+                    set_error_buf_v(error_buf, error_buf_size,
+                                    "too much local cells 0x%x",
+                                    loader_ctx->preserved_local_offset);
+                    return false;
+                }
+
                 emit_operand(loader_ctx, local_index);
                 emit_operand(loader_ctx, preserved_offset);
                 emit_label(opcode);

core/iwasm/interpreter/wasm_mini_loader.c

@@ -4778,6 +4778,11 @@ preserve_referenced_local(WASMLoaderContext *loader_ctx, uint8 opcode,
                         loader_ctx->preserved_local_offset += 2;
                     emit_label(EXT_OP_COPY_STACK_TOP_I64);
                 }
+
+                /* overflow */
+                bh_assert(preserved_offset
+                          <= loader_ctx->preserved_local_offset);
+
                 emit_operand(loader_ctx, local_index);
                 emit_operand(loader_ctx, preserved_offset);
                 emit_label(opcode);