From e4523f7e6ccdb6a8d5ae800375cce6b9c8c5cc2b Mon Sep 17 00:00:00 2001
From: ptitSeb
Date: Mon, 10 Oct 2022 15:07:28 +0200
Subject: [PATCH] Fixed issue #3167 and added the relevant test

---
 .../src/translator/code_translator.rs | 21 +++++++++++++++----
 tests/wast/wasmer/README.md | 6 +++++-
 tests/wast/wasmer/atomic_load.wast | 9 ++++++++
 3 files changed, 31 insertions(+), 5 deletions(-)
 create mode 100755 tests/wast/wasmer/atomic_load.wast

diff --git a/lib/compiler-cranelift/src/translator/code_translator.rs b/lib/compiler-cranelift/src/translator/code_translator.rs
index e38640fb3e0..6b42a8e6c6e 100644
--- a/lib/compiler-cranelift/src/translator/code_translator.rs
+++ b/lib/compiler-cranelift/src/translator/code_translator.rs
@@ -2408,11 +2408,24 @@ fn finalise_atomic_mem_addr(
     state: &mut FuncTranslationState,
     environ: &mut FE,
 ) -> WasmResult {
-    // Check the alignment of `linear_mem_addr`.
     let access_ty_bytes = access_ty.bytes();
-    let final_lma = builder
-        .ins()
-        .iadd_imm(linear_mem_addr, memarg.offset as i64);
+    let final_lma = if memarg.offset > 0 {
+        assert!(builder.func.dfg.value_type(linear_mem_addr) == I32);
+        let linear_mem_addr = builder.ins().uextend(I64, linear_mem_addr);
+        let a = builder
+            .ins()
+            .iadd_imm(linear_mem_addr, memarg.offset as i64);
+        let cflags = builder.ins().ifcmp_imm(a, 0x1_0000_0000i64);
+        builder.ins().trapif(
+            IntCC::UnsignedGreaterThanOrEqual,
+            cflags,
+            ir::TrapCode::HeapOutOfBounds,
+        );
+        builder.ins().ireduce(I32, a)
+    } else {
+        linear_mem_addr
+    };
+    // Check the alignment of `linear_mem_addr`.
     if access_ty_bytes != 1 {
         assert!(access_ty_bytes == 2 || access_ty_bytes == 4 || access_ty_bytes == 8);
         let final_lma_misalignment = builder
diff --git a/tests/wast/wasmer/README.md b/tests/wast/wasmer/README.md
index 60c933dfb2c..17d398c6aa3 100644
--- a/tests/wast/wasmer/README.md
+++ b/tests/wast/wasmer/README.md
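Review bot: The `0x1_0000_0000i64` threshold and the `assert!` that `linear_mem_addr` is `I32` carry no comment explaining why the offset addition moved to 64 bits, and the assert turns a 64-bit address value into a compiler panic instead of a returned error. A why-comment above the `if` would stop the next reader from folding this back into a 32-bit `iadd_imm`: `// Add the offset in 64 bits: a 32-bit iadd_imm wraps, so base + offset could alias a low, in-bounds address and pass the heap bounds check; any sum >= 2^32 cannot lie in a 32-bit memory, so trap HeapOutOfBounds.` If modules with 64-bit memories can reach this translator (not visible in the hunk), the `assert!` should be a returned `WasmError` rather than a panic on module input; if they are rejected earlier, a one-line comment saying so is enough. Writing the bound as `1i64 << 32` would also make the threshold self-describing. `finalise_atomic_mem_addr` starts and ends outside the hunk, and the check of the reduced address against the actual memory size is presumably done later in the function.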
@@ -31,4 +31,8 @@ front, not once in each call.
 
 ## Divide by Zero: `divide.wast`
 
-This is a simple test to check that a divide by zero is correctly trapped
\ No newline at end of file
+This is a simple test to check that a divide by zero is correctly trapped
+
+## Atomic Load: `atomic_load.wast`
+
+This is a simple test to check that load an atomic "to far" in memory trigger a OutOfBound trap
diff --git a/tests/wast/wasmer/atomic_load.wast b/tests/wast/wasmer/atomic_load.wast
new file mode 100755
index 00000000000..932b39a1da0
--- /dev/null
+++ b/tests/wast/wasmer/atomic_load.wast
@@ -0,0 +1,9 @@
+(module
+  (memory 1)
+  (func (export "atomic_load")
+    i32.const 0xffff_fff0
+    i32.atomic.load offset=16
+    drop
+  )
+)
+(assert_trap (invoke "atomic_load") "out of bound")
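Review bot: The test only exercises the exact-boundary sum (`0xffff_fff0 + 16 == 0x1_0000_0000`), the smallest value the new 64-bit trap fires on, so an off-by-one in the comparison is caught but a larger wrap (for example `i32.const 0xffff_fff0` with `offset=32`) and the non-wrapping but still out-of-bounds case (an address just past the single 64 KiB page with `offset=0`, which takes the other branch of the new code) are not pinned. Adding one exported function for each, likewise under `assert_trap`, would cover the new wrap check and the existing bounds check separately. The expected trap text `"out of bound"` has to match whatever the wast runner compares against; that mapping is not visible here.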