@@ -513,14 +513,15 @@ destroy_init_expr_data_recursive(WASMModule *module, void *data)
513513
514514 if (wasm_type->type_flag == WASM_TYPE_STRUCT) {
515515 WASMStructType *struct_type = (WASMStructType *)wasm_type;
516- WASMRefTypeMap *ref_type_map = struct_type->ref_type_maps;
517516 WASMRefType *ref_type;
518517 uint8 field_type;
519518
519+ uint16 ref_type_map_index = 0;
520520 for (i = 0; i < struct_init_values->count; i++) {
521521 field_type = struct_type->fields[i].field_type;
522522 if (wasm_is_type_multi_byte_type(field_type))
523- ref_type = ref_type_map->ref_type;
523+ ref_type =
524+ struct_type->ref_type_maps[ref_type_map_index++].ref_type;
524525 else
525526 ref_type = NULL;
526527 if (wasm_reftype_is_subtype_of(field_type, ref_type,
@@ -1073,23 +1074,25 @@ load_init_expr(WASMModule *module, const uint8 **p_buf, const uint8 *buf_end,
10731074 }
10741075
10751076 if (opcode1 == WASM_OP_ARRAY_NEW) {
1076- WASMValue len_val;
1077-
1078- if (!(array_init_values = loader_malloc(
1079- sizeof(WASMArrayNewInitValues),
1080- error_buf, error_buf_size))) {
1081- goto fail;
1082- }
1083- array_init_values->type_idx = type_idx;
1077+ WASMValue len_val = { 0 };
1078+ uint64 size = 0;
10841079
10851080 if (!pop_const_expr_stack(
10861081 &const_expr_ctx, NULL, VALUE_TYPE_I32,
10871082 NULL, NULL, &len_val, error_buf,
10881083 error_buf_size)) {
1089- destroy_init_expr_data_recursive(
1090- module, array_init_values);
10911084 goto fail;
10921085 }
1086+
1087+ size =
1088+ sizeof(WASMArrayNewInitValues)
1089+ + sizeof(WASMValue) * (uint64)len_val.i32;
1090+ if (!(array_init_values = loader_malloc(
1091+ size, error_buf, error_buf_size))) {
1092+ goto fail;
1093+ }
1094+
1095+ array_init_values->type_idx = type_idx;
10931096 array_init_values->length = len_val.i32;
10941097
10951098 if (!pop_const_expr_stack(
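Review bot: The size computation in the `WASM_OP_ARRAY_NEW` branch casts `len_val.i32` straight to `uint64`; if `i32` is a signed field (its declaration is not visible here), a negative length popped from the module's constant expression sign-extends, and the multiply-and-add can then wrap to a small `size` while `array_init_values->length` keeps the large count. Converting through the unsigned 32-bit type first avoids that: `+ sizeof(WASMValue) * (uint64)(uint32)len_val.i32;`. Because the length is taken from the module being loaded, it is also worth rejecting lengths above a sane limit before calling `loader_malloc`, unless that function already caps `size` (not shown on this page). `load_init_expr` begins and ends outside this hunk.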