diff --git a/core/iwasm/interpreter/wasm_loader.c b/core/iwasm/interpreter/wasm_loader.c
index c8b4e6b7d9..39ea523ccc 100644
--- a/core/iwasm/interpreter/wasm_loader.c
+++ b/core/iwasm/interpreter/wasm_loader.c
@@ -830,32 +830,49 @@ load_init_expr(WASMModule *module, const uint8 **p_buf, const uint8 *buf_end,
 case INIT_EXPR_TYPE_REFNULL_CONST:
 {
 uint8 type1;
-
-#if WASM_ENABLE_GC == 0
+#if WASM_ENABLE_GC != 0
+ const uint8 *p_copy = p;
+ int32 heap_type;
+ read_leb_int32(p_copy, p_end, heap_type);
+#endif
 CHECK_BUF(p, p_end, 1);
 type1 = read_uint8(p);
+#if WASM_ENABLE_GC == 0
 cur_value.ref_index = NULL_REF;
 if (!push_const_expr_stack(&const_expr_ctx, flag, type1,
 &cur_value, error_buf, error_buf_size))
 goto fail;
 #else
- int32 heap_type;
- read_leb_int32(p, p_end, heap_type);
- type1 = (uint8)((int32)0x80 + heap_type);
- cur_value.gc_obj = NULL_REF;
+ /*
+ * According to the current GC SPEC rules, the heap_type must be
+ * validated when ref.null is used. It can be an absheaptype,
+ * or the type C.types[typeidx] must be defined in the context.
+ */
+ if (heap_type >= 0) {
+ if (!check_type_index(module, module->type_count, heap_type,
+ error_buf, error_buf_size)) {
+ goto fail;
+ }
+ }
+ else {
+ if (!wasm_is_valid_heap_type(heap_type)) {
+ set_error_buf_v(error_buf, error_buf_size,
+ "unknown type %d", heap_type);
+ goto fail;
+ }
+ }
+
 if (!is_byte_a_type(type1)
- || !wasm_is_valid_heap_type(heap_type)
 || wasm_is_type_multi_byte_type(type1)) {
 p--;
 read_leb_uint32(p, p_end, type_idx);
 if (!check_type_index(module, module->type_count, type_idx,
 error_buf, error_buf_size))
 goto fail;
-
 wasm_set_refheaptype_typeidx(&cur_ref_type.ref_ht_typeidx, true,
 type_idx);
 if (!push_const_expr_stack(&const_expr_ctx, flag,