From 9fcedfded51dc0d234ddc7e4e06f5ca44cb9b7f8 Mon Sep 17 00:00:00 2001
From: YAMAMOTO Takashi
Date: Wed, 31 Jan 2024 20:01:22 +0900
Subject: [PATCH] EH: fix validation of delegate opcode cf. https://github.com/bytecodealliance/wasm-micro-runtime/issues/1884#issuecomment-1914000294
---
 core/iwasm/interpreter/wasm_loader.c | 42 +++++++++++++++++++++++-----
 1 file changed, 35 insertions(+), 7 deletions(-)
diff --git a/core/iwasm/interpreter/wasm_loader.c b/core/iwasm/interpreter/wasm_loader.c
index 520ca8091d..c90949995a 100644
--- a/core/iwasm/interpreter/wasm_loader.c
+++ b/core/iwasm/interpreter/wasm_loader.c
@@ -7129,6 +7129,40 @@ check_branch_block(WASMLoaderContext *loader_ctx, uint8 **p_buf, uint8 *buf_end,
 return NULL;
 }

+#if WASM_ENABLE_EXCE_HANDLING != 0
+static BranchBlock *
+check_branch_block_for_delegate(WASMLoaderContext *loader_ctx, uint8 **p_buf,
+ uint8 *buf_end, char *error_buf,
+ uint32 error_buf_size)
+{
+ uint8 *p = *p_buf, *p_end = buf_end;
+ BranchBlock *frame_csp_tmp;
+ uint32 depth;
+
+ read_leb_uint32(p, p_end, depth);
+ /*
+ * Note: "delegate 0" means the surrounding block, not the
+ * try-delegate block itself.
+ *
+ * Note: the caller hasn't popped the try-delegate frame yet.
+ */
+ bh_assert(loader_ctx->csp_num > 0);
+ if (loader_ctx->csp_num - 1 <= depth) {
+ set_error_buf(error_buf, error_buf_size, "unknown delegate label");
+ goto fail;
+ }
+ frame_csp_tmp = loader_ctx->frame_csp - depth - 2;
+#if WASM_ENABLE_FAST_INTERP != 0
+ emit_br_info(frame_csp_tmp);
+#endif
+
+ *p_buf = p;
+ return frame_csp_tmp;
+fail:
+ return NULL;
+}
+#endif
+
 static bool
 check_block_stack(WASMLoaderContext *loader_ctx, BranchBlock *block,
 char *error_buf, uint32 error_buf_size)
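Review bot: The bound check `if (loader_ctx->csp_num - 1 <= depth)` in check_branch_block_for_delegate is only correct when `csp_num > 0`, and that precondition is enforced solely by `bh_assert`. If `csp_num` is unsigned like `depth` (its declaration is not in this hunk) and `bh_assert` compiles to nothing in non-debug builds, a zero `csp_num` would wrap, the check would accept any decoded `depth`, and `frame_csp - depth - 2` would leave the block stack. A guard that does not subtract before comparing stays safe on its own: `if (loader_ctx->csp_num < 2 || depth > loader_ctx->csp_num - 2)`. A short header comment saying that the returned frame is the delegate target, counted from the block enclosing the try, would also help readers of the `- depth - 2` arithmetic.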
@@ -7831,16 +7865,10 @@ wasm_loader_prepare_bytecode(WASMModule *module, WASMFunction *func,
 case WASM_OP_DELEGATE:
 {
 /* check target block is valid */
- if (!(frame_csp_tmp = check_branch_block(
+ if (!(frame_csp_tmp = check_branch_block_for_delegate(
 loader_ctx, &p, p_end, error_buf, error_buf_size)))
 goto fail;

- /* valid types */
- if (LABEL_TYPE_TRY != frame_csp_tmp->label_type) {
- snprintf(error_buf, error_buf_size, "unknown label");
- goto fail;
- }
-
 BranchBlock *cur_block = loader_ctx->frame_csp - 1;
 uint8 label_type = cur_block->label_type;
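Review bot: With the `LABEL_TYPE_TRY` check on the target removed, nothing at the WASM_OP_DELEGATE case records that the omission is intentional, so a later reader may take it for a missing validation and restore it. A comment above the call would capture that, e.g. `/* the delegate target may be any enclosing block, so its label_type is deliberately not checked */` (wording to be confirmed against the linked issue). The helper also assumes the top frame is the try-delegate block, while `cur_block->label_type` is only read after the call; whether it is then validated lies outside this hunk, so it is worth confirming that check still runs on every path. The case body continues past the end of the hunk.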