From 5718b65c381cbed697712a87886fcbb0c3db36a8 Mon Sep 17 00:00:00 2001
From: Asumu Takikawa <asumu@igalia.com>
Date: Wed, 15 Dec 2021 16:24:32 -0800
Subject: interpreter: Fix infinite looping on `return_call` (#1762)

The code offset fixup for the target of a `return_call` was
not being done properly due to invalid initialization of the
offset value, and due to the fixup location being put at the
wrong offset in the instruction stream.

Fixes issue #1761
---
 src/interp/binary-reader-interp.cc | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'src/interp')

diff --git a/src/interp/binary-reader-interp.cc b/src/interp/binary-reader-interp.cc
index 7a1bc26e..699fdd20 100644
--- a/src/interp/binary-reader-interp.cc
+++ b/src/interp/binary-reader-interp.cc
@@ -576,7 +576,7 @@ Result BinaryReaderInterp::OnFunctionCount(Index count) {
 Result BinaryReaderInterp::OnFunction(Index index, Index sig_index) {
   CHECK_RESULT(validator_.OnFunction(GetLocation(), Var(sig_index)));
   FuncType& func_type = module_.func_types[sig_index];
-  module_.funcs.push_back(FuncDesc{func_type, {}, 0, {}});
+  module_.funcs.push_back(FuncDesc{func_type, {}, Istream::kInvalidOffset, {}});
   func_types_.push_back(func_type);
   return Result::Ok;
 }
@@ -1132,7 +1132,10 @@ Result BinaryReaderInterp::OnReturnCallExpr(Index func_index) {
 
   if (func_index >= num_func_imports()) {
     istream_.Emit(Opcode::InterpAdjustFrameForReturnCall, func_index);
-    istream_.Emit(Opcode::Br, GetFuncOffset(func_index));
+    istream_.Emit(Opcode::Br);
+    // We emit this separately to ensure that the fixup generated by
+    // GetFuncOffset comes after the Br opcode.
+    istream_.Emit(GetFuncOffset(func_index));
   } else {
     istream_.Emit(Opcode::InterpCallImport, func_index);
     istream_.Emit(Opcode::Return);
-- 
cgit v1.2.3