Stream: git-wasmtime

Topic: wasmtime / issue #10353 Out of bounds table access for `n...


Wasmtime GitHub notifications bot (Mar 07 2025 at 11:43):

f52985 added the bug label to Issue #10353.

Wasmtime GitHub notifications bot (Mar 07 2025 at 11:43):

f52985 opened issue #10353:

Test Case

;; sample.wast
(module
  (table $t 10 (ref null none))
  (func (export "f") (result (ref null none))
    (i32.const 99)
    (table.get $t)
  )
)
(assert_trap (invoke "f") "out of bounds table access")

Steps to Reproduce

Run the above sample.wast test using the following command:
wasmtime wast -W gc=y sample.wast

Expected Results

The trap happens as expected, and the assert_trap test passes.

Actual Results

Error: failed to run script file 'sample.wast'

Caused by:
    0: failed directive on sample.wast:8:1
    1: expected trap, got Core([AnyRef(None)])

Versions and Environment

Wasmtime version or commit: 30.0.2 (398694a59 2025-02-25)

Operating system: Ubuntu 20.04.6 LTS (also confirmed on MacOS)

Architecture: x86_64

Extra Info

The bug is not triggered for different types of references, other than the none type.

Wasmtime GitHub notifications bot (Mar 07 2025 at 15:46):

alexcrichton commented on issue #10353:

I can echo my own thoughts over from https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-xjjh-q65v-wjhh here too: both thank you for filing this and thank you for filing a private issue first!

@fitzgen you're probably interested in this. I don't believe this one's fixed on main yet. Do you want to dig into this first before we migrate this to a normal issue?

Wasmtime GitHub notifications bot (Mar 07 2025 at 15:50):

bjorn3 commented on issue #10353:

(this issue is public, the advisory is not)

Wasmtime GitHub notifications bot (Mar 07 2025 at 15:53):

alexcrichton commented on issue #10353:

Oop nevermind, carry on then. (and still many thanks @f52985!)

Wasmtime GitHub notifications bot (Mar 07 2025 at 15:53):

alexcrichton added the wasm-proposal:gc label to Issue #10353.

Wasmtime GitHub notifications bot (Mar 11 2025 at 18:39):

fitzgen commented on issue #10353:

Fix over in https://github.com/bytecodealliance/wasmtime/pull/10372

Thanks for filing this issue @f52985! Out of curiosity, how have you been finding these bugs and generating these test cases? Are you doing some sort of fuzzing?

Wasmtime GitHub notifications bot (Mar 11 2025 at 20:25):

fitzgen closed issue #10353:

Wasmtime GitHub notifications bot (Mar 12 2025 at 05:24):

f52985 commented on issue #10353:

> Out of curiosity, how have you been finding these bugs and generating these test cases? Are you doing some sort of fuzzing?

Yes, we are! We are using SpecTec, a mechanized Wasm specification framework, for fuzzing.
It can directly handle the syntax or validation rules from the specification itself,
which greatly helps automate the process of generating syntactically correct or valid test cases,
and uncover edge cases in the specification.

Wasmtime GitHub notifications bot (Mar 12 2025 at 15:03):

fitzgen commented on issue #10353:

Ah yes! I just emailed you recently, didn't realize this was your github account :)

Thanks for filing issues for the bugs you've been finding!


Last updated: Apr 17 2025 at 22:03 UTC