interpreter: Fix infinite looping on `return_call` (#1762)

The code offset fixup for the target of a `return_call` was
not being done properly due to invalid initialization of the
offset value, and due to the fixup location being put at the
wrong offset in the instruction stream.

Fixes issue #1761

1 files changed, 5 insertions, 2 deletions

diff --git a/src/interp/binary-reader-interp.cc b/src/interp/binary-reader-interp.cc
index 7a1bc26e..699fdd20 100644
--- a/src/interp/binary-reader-interp.cc
+++ b/src/interp/binary-reader-interp.cc
@@ -576,7 +576,7 @@ Result BinaryReaderInterp::OnFunctionCount(Index count) {
 Result BinaryReaderInterp::OnFunction(Index index, Index sig_index) {
   CHECK_RESULT(validator_.OnFunction(GetLocation(), Var(sig_index)));
   FuncType& func_type = module_.func_types[sig_index];
-  module_.funcs.push_back(FuncDesc{func_type, {}, 0, {}});
+  module_.funcs.push_back(FuncDesc{func_type, {}, Istream::kInvalidOffset, {}});
   func_types_.push_back(func_type);
   return Result::Ok;
 }
@@ -1132,7 +1132,10 @@ Result BinaryReaderInterp::OnReturnCallExpr(Index func_index) {
 
   if (func_index >= num_func_imports()) {
     istream_.Emit(Opcode::InterpAdjustFrameForReturnCall, func_index);
-    istream_.Emit(Opcode::Br, GetFuncOffset(func_index));
+    istream_.Emit(Opcode::Br);
+    // We emit this separately to ensure that the fixup generated by
+    // GetFuncOffset comes after the Br opcode.
+    istream_.Emit(GetFuncOffset(func_index));
   } else {
     istream_.Emit(Opcode::InterpCallImport, func_index);
     istream_.Emit(Opcode::Return);