From 50181145e39304785ccedcd84be9cb7cc428b1f2 Mon Sep 17 00:00:00 2001
From: mtb <mtb0x10x1@gmail.com>
Date: Mon, 26 Aug 2024 23:13:39 +0200
Subject: Fix null dereference in FunctionValidator (#6849)

visitBlock() and validateCallParamsAndResult() both assumed they were
running inside a function, but might be called on global code too. Calls
and blocks are invalid in global positions, so we should error there, but
must do so properly without a null deref.

Fixes #6847
Fixes #6848
---
 src/wasm/wasm-validator.cpp | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

(limited to 'src/wasm/wasm-validator.cpp')

diff --git a/src/wasm/wasm-validator.cpp b/src/wasm/wasm-validator.cpp
index 4881ea7ac..f77eeefe7 100644
--- a/src/wasm/wasm-validator.cpp
+++ b/src/wasm/wasm-validator.cpp
@@ -606,9 +606,13 @@ private:
                     Type(Type::unreachable),
                     printable,
                     "return_call* should have unreachable type");
+      auto* func = getFunction();
+      if (!shouldBeTrue(!!func, curr, "function not defined")) {
+        return;
+      }
       shouldBeSubType(
         sig.results,
-        getFunction()->getResults(),
+        func->getResults(),
         printable,
         "return_call* callee return type must match caller return type");
     } else {
@@ -696,7 +700,12 @@ void FunctionValidator::visitBlock(Block* curr) {
     }
     breakTypes.erase(iter);
   }
-  switch (getFunction()->profile) {
+
+  auto* func = getFunction();
+  if (!shouldBeTrue(!!func, curr, "function not defined")) {
+    return;
+  }
+  switch (func->profile) {
     case IRProfile::Normal:
       validateNormalBlockElements(curr);
       break;
-- 
cgit v1.2.3