Fix Instruction::CallIndirect stack height metering

The stack height metering for functions containing CallIndirect was wrong. The code did not take into consideration that is pops one value from the stack. The effect was that the stack height of functions using this instruction was higher than its real height.
2026-04-25 23:07:56 +00:00 · 2020-10-13 09:39:57 +02:00
parent 2306999c9c
commit 5e3b06de05
1 changed files with 27 additions and 0 deletions
@@ -288,6 +288,9 @@ pub(crate) fn compute(func_idx: u32, module: &elements::Module) -> Result<u32, E
 					.get(x as usize)
 					.ok_or_else(|| Error("Type not found".into()))?;

+				// Pop the offset into the function table.
+				stack.pop_values(1)?;
+
 				// Pop values for arguments of the function.
 				stack.pop_values(ty.params().len() as u32)?;

@@ -523,4 +526,28 @@ mod tests {
 		let height = compute(0, &module).unwrap();
 		assert_eq!(height, 2);
 	}
+
+	#[test]
+	fn call_indirect() {
+		let module = parse_wat(
+			r#"
+(module
+	(table $ptr 1 1 funcref)
+	(elem $ptr (i32.const 0) func 1)
+	(func $main
+		(call_indirect (i32.const 0))
+		(call_indirect (i32.const 0))
+		(call_indirect (i32.const 0))
+	)
+	(func $callee
+		i64.const 42
+		drop
+	)
+)
+"#,
+		);
+
+		let height = compute(0, &module).unwrap();
+		assert_eq!(height, 1);
+	}
 }