authorAlon Zakai <azakai@google.com>2024-11-08 09:06:26 -0800
committerGitHub <noreply@github.com>2024-11-08 09:06:26 -0800
commitb30067658459ca167e58fe0dee9d85ea6100c223 (patch)
treee8ee522c5ba46ade6e9426cc9aedf420d5c2ff80
parent12ef2030ad2e7ceb5d208d4a24f25142d8a5f556 (diff)
[wasm64] Fix 32-bit address computation in execution of SIMDLoadExtend (#7068)
-rw-r--r--src/wasm-interpreter.h9
-rw-r--r--test/lit/exec/simd.wast13
2 files changed, 19 insertions, 3 deletions
diff --git a/src/wasm-interpreter.h b/src/wasm-interpreter.h
index fb3501252..f3471cfa8 100644
--- a/src/wasm-interpreter.h
+++ b/src/wasm-interpreter.h
@@ -3692,11 +3692,14 @@ public:
WASM_UNREACHABLE("invalid op");
};
auto memorySize = info.instance->getMemorySize(info.name);
+ auto addressType = curr->ptr->type;
auto fillLanes = [&](auto lanes, size_t laneBytes) {
for (auto& lane : lanes) {
- lane = loadLane(info.instance->getFinalAddress(
- curr, Literal(uint32_t(src)), laneBytes, memorySize));
- src = Address(uint32_t(src) + laneBytes);
+ auto ptr = Literal::makeFromInt64(src, addressType);
+ lane = loadLane(
+ info.instance->getFinalAddress(curr, ptr, laneBytes, memorySize));
+ src =
+ ptr.add(Literal::makeFromInt32(laneBytes, addressType)).getUnsigned();
}
return Literal(lanes);
};
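Review bot: The per-lane advance `src = ptr.add(Literal::makeFromInt32(laneBytes, addressType)).getUnsigned();` wraps in the address type, and each lane is bounds-checked on its own. A load whose first lane ends exactly at the top of a 32-bit memory could therefore continue at address 0 for the next lane instead of trapping. This only matters if nothing above the hunk checks the full access width (the function starts before the hunk, so that is not visible here) and the memory spans the whole 4 GiB range. One way to close it is to validate the whole access once at the top of `fillLanes`, e.g. `info.instance->getFinalAddress(curr, Literal::makeFromInt64(src, addressType), lanes.size() * laneBytes, memorySize);`, or to add a comment stating why the wrap cannot be reached.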
diff --git a/test/lit/exec/simd.wast b/test/lit/exec/simd.wast
index 5ab6489a2..a34a68276 100644
--- a/test/lit/exec/simd.wast
+++ b/test/lit/exec/simd.wast
@@ -14,8 +14,21 @@
(i64.const 0)
)
)
+
+ ;; CHECK: [fuzz-exec] calling load32x2_u
+ ;; CHECK-NEXT: [trap final > memory: 13835058055282163712 > 1048576]
+ (func $load32x2_u (export "load32x2_u") (result v128)
+ ;; This large 64-bit address is out of bounds, and this should trap.
+ (v128.load32x2_u
+ (i64.const -4611686018427387904)
+ )
+ )
)
;; CHECK: [fuzz-exec] calling load8x8_s
;; CHECK-NEXT: [fuzz-exec] note result: load8x8_s => i32x4 0x00620061 0x00640063 0x00660065 0x00000067
+
+;; CHECK: [fuzz-exec] calling load32x2_u
+;; CHECK-NEXT: [trap final > memory: 13835058055282163712 > 1048576]
+;; CHECK-NEXT: [fuzz-exec] comparing load32x2_u
;; CHECK-NEXT: [fuzz-exec] comparing load8x8_s
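Review bot: The comment inside `$load32x2_u` says the address is out of bounds but not why this particular constant was picked. Its low 32 bits are all zero, so an interpreter that truncates the address to 32 bits would read in-bounds address 0 rather than trap. Recording that keeps the regression's intent clear, e.g. `;; The low 32 bits of this address are zero: truncating it to 32 bits would read address 0 instead of trapping.` The value 13835058055282163712 in the CHECK lines is the same constant read as unsigned.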