authormtb <mtb0x10x1@gmail.com>2024-08-26 23:13:39 +0200
committerGitHub <noreply@github.com>2024-08-26 14:13:39 -0700
commit50181145e39304785ccedcd84be9cb7cc428b1f2 (patch)
treefae4b293735ed04727d16247f01b9fa9e88dae32
parentb7af8dac2fe457d47d6b29cabb8327457341bffe (diff)
Fix null dereference in FunctionValidator (#6849)
visitBlock() and validateCallParamsAndResult() both assumed they were running inside a function, but might be called on global code too. Calls and blocks are invalid in global positions, so we should error there, but must do so properly without a null deref. Fixes #6847 Fixes #6848
-rw-r--r--src/wasm/wasm-validator.cpp13
-rw-r--r--test/lit/validation/function-missing.wast14
2 files changed, 25 insertions, 2 deletions
diff --git a/src/wasm/wasm-validator.cpp b/src/wasm/wasm-validator.cpp
index 4881ea7ac..f77eeefe7 100644
--- a/src/wasm/wasm-validator.cpp
+++ b/src/wasm/wasm-validator.cpp
@@ -606,9 +606,13 @@ private:
Type(Type::unreachable),
printable,
"return_call* should have unreachable type");
+ auto* func = getFunction();
+ if (!shouldBeTrue(!!func, curr, "function not defined")) {
+ return;
+ }
shouldBeSubType(
sig.results,
- getFunction()->getResults(),
+ func->getResults(),
printable,
"return_call* callee return type must match caller return type");
} else {
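Review bot: The failure text `"function not defined"` at the new guard reads like an unresolved call target, but what the check detects is a `return_call*` being validated with no enclosing function (`getFunction()` returned null, e.g. in a global initializer). A message such as `"return_call* requires an enclosing function"` would say that directly, with the matching CHECK lines in the new test updated; the same wording issue applies to the guard added in `visitBlock()` in the next hunk. A short comment above the guard, `// getFunction() is null when validating module-level code (e.g. global initializers)`, would record why the check exists. The enclosing function starts and ends outside this hunk.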
@@ -696,7 +700,12 @@ void FunctionValidator::visitBlock(Block* curr) {
}
breakTypes.erase(iter);
}
- switch (getFunction()->profile) {
+
+ auto* func = getFunction();
+ if (!shouldBeTrue(!!func, curr, "function not defined")) {
+ return;
+ }
+ switch (func->profile) {
case IRProfile::Normal:
validateNormalBlockElements(curr);
break;
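Review bot: The guard before the `switch` is a verbatim copy of the one added in the `return_call*` branch above, so the fix covers these two sites but leaves the pattern to be repeated by hand. Because the validator runs on untrusted modules and a null `getFunction()` is reachable from module-level code, consider one private helper that reports the failure and returns the pointer, used as `auto* func = getFunctionOrFail(curr); if (!func) { return; }` (the name is only a suggestion). Any other `getFunction()->` dereference in this file, none of which is visible in this diff, could then be moved to it in a follow-up. `visitBlock()` continues past the end of this hunk.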
diff --git a/test/lit/validation/function-missing.wast b/test/lit/validation/function-missing.wast
new file mode 100644
index 000000000..5510644a7
--- /dev/null
+++ b/test/lit/validation/function-missing.wast
@@ -0,0 +1,14 @@
+;; Test that we validate functions declaration and usage for globals.
+
+;; RUN: not wasm-opt %s -all 2>&1 | filecheck %s
+
+(module
+ ;; CHECK: function not defined
+ (global (mut i32) (block))
+
+ ;; CHECK: function not defined
+ (global (mut i32) (return_call 0))
+
+ (func $0
+ )
+) \ No newline at end of file
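Review bot: The two `CHECK: function not defined` lines are identical, so the test only requires that text to appear twice and does not tie either diagnostic to the `block` global or the `return_call` global. If the validator prints the offending expression after the message (not visible here), a following check on that expression for each case would pin them. The file also ends without a trailing newline.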