Fixed issue #3167 and added the relevant test

lib/compiler-cranelift/src/translator/code_translator.rs

@@ -2408,11 +2408,24 @@ fn finalise_atomic_mem_addr<FE: FuncEnvironment + ?Sized>(
     state: &mut FuncTranslationState,
     environ: &mut FE,
 ) -> WasmResult<Value> {
-    // Check the alignment of `linear_mem_addr`.
     let access_ty_bytes = access_ty.bytes();
-    let final_lma = builder
-        .ins()
-        .iadd_imm(linear_mem_addr, memarg.offset as i64);
+    let final_lma = if memarg.offset > 0 {
+        assert!(builder.func.dfg.value_type(linear_mem_addr) == I32);
+        let linear_mem_addr = builder.ins().uextend(I64, linear_mem_addr);
+        let a = builder
+            .ins()
+            .iadd_imm(linear_mem_addr, memarg.offset as i64);
+        let cflags = builder.ins().ifcmp_imm(a, 0x1_0000_0000i64);
+        builder.ins().trapif(
+            IntCC::UnsignedGreaterThanOrEqual,
+            cflags,
+            ir::TrapCode::HeapOutOfBounds,
+        );
+        builder.ins().ireduce(I32, a)
+    } else {
+        linear_mem_addr
+    };
+    // Check the alignment of `linear_mem_addr`.
     if access_ty_bytes != 1 {
         assert!(access_ty_bytes == 2 || access_ty_bytes == 4 || access_ty_bytes == 8);
         let final_lma_misalignment = builder

tests/wast/wasmer/README.md

@@ -31,4 +31,8 @@ front, not once in each call.
 
 ## Divide by Zero: `divide.wast`
 
-This is a simple test to check that a divide by zero is correctly trapped
+This is a simple test to check that a divide by zero is correctly trapped
+
+## Atomic Load: `atomic_load.wast`
+
+This is a simple test to check that load an atomic "to far" in memory trigger a OutOfBound trap

tests/wast/wasmer/atomic_load.wast

@@ -0,0 +1,9 @@
+(module
+    (memory 1)
+    (func (export "atomic_load")
+        i32.const 0xffff_fff0
+        i32.atomic.load offset=16
+        drop
+    )
+)
+(assert_trap (invoke "atomic_load") "out of bound")