Wasmtime GitHub notifications bot (Feb 04 2025 at 12:48): Wasmtime GitHub notifications bot (Feb 04 2025 at 12:48):Robbepop added the bug label to Issue #10179.
Wasmtime GitHub notifications bot (Feb 04 2025 at 12:48):Robbepop opened issue #10179:
While implementing the
custom-page-sizesproposal in Wasmi I encountered this failing test case in the official Wasm spectest mirror:(module (memory (pagesize 1) (data "xyz")) (func (export "size") (result i32) memory.size) (func (export "grow") (param i32) (result i32) (memory.grow (local.get 0))) (func (export "load") (param i32) (result i32) (i32.load8_u (local.get 0))) )Namely,
(memory (pagesize 1) (data "xyz"))is amemorydeclaration with an inlinedatasegment. The Wasm spec says the following about this:A data segment can be given inline with a memory definition, in which case its offset is and the limits of the memory type are inferred from the length of the data, rounded up to page size:
(Source: https://webassembly.github.io/spec/core/text/modules.html#text-mem-abbrev)
However, i distilled my own test case:
(module (memory (pagesize 1) (data "xyz")) (func (export "hello")) )Ran
wasm-tools parse test-case.wat -o test-case.wasmand ran both Wasmi and Wasmtime with it which both crashed during module instantiation withmemory out of bounds.I re-converted the
test-case.wasmback to.watand saw the following:(module (type (;0;) (func)) (memory (;0;) 1 1 (pagesize 0x1)) (export "hello" (func 0)) (func (;0;) (type 0)) (data (;0;) (i32.const 0) "xyz") )Thus we clearly see that
memoryhasminimumandmaximumlimits of 1 which is incorrect and should be 3 instead.
I am not sure where exactly the error is originating but since both Wasmi and Wasmtime are affected it might be in thewasmparsercrate.
Please move this issue if the exact source of the problem is located.
Last updated: Feb 28 2025 at 01:30 UTC