fix(wasm): register functions in FunctionSection and use TypeSection builder#170
Closed
graydeon wants to merge 1 commit intosec/wave-2-wasm-hardeningfrom
Closed
fix(wasm): register functions in FunctionSection and use TypeSection builder#170graydeon wants to merge 1 commit intosec/wave-2-wasm-hardeningfrom
graydeon wants to merge 1 commit intosec/wave-2-wasm-hardeningfrom
Conversation
…builder The C-2 lazy-WASI refactor broke WASM validation by adding function bodies to the CodeSection without corresponding entries in the FunctionSection. The Type section was also hardcoded as two entries, ignoring the actual function types compiled by the module. - emit_malloc_builtin: register malloc type in TypeSection and call self.functions.function(type_idx) so the FunctionSection entry exists - emit_println_builtin: register fd_write type in TypeSection (used by the import), then register println type and its FunctionSection entry - compile_function: derive param/return ValTypes from ir::Type and register each user function in both TypeSection and FunctionSection - finish(): replace hardcoded manual type-section bytes with self.type_section.append_to() (wasm_encoder::TypeSection) - Remove unused encode_leb128 helper - runtime_security_regressions.rs: wrap CWD restoration in a Drop guard so that it is restored even when a test panics Fixes GRA-93. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Contributor
Author
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
emit_malloc_builtin,emit_println_builtin, andcompile_functionwere all adding bodies to the CodeSection without registering corresponding entries in the FunctionSection — a WASM binary where Code count ≠ Function count is invalid and rejected by wasmtimefinish()is replaced withwasm_encoder::TypeSection, which is populated incrementally as each function is compiled, so all signatures (malloc, fd_write, println, user functions) are always present and consistentRestoreDirDrop guard inagent_security_testsso the working directory is restored even if a test panicsTest plan
wasm_testspasstest_e2e_wasm_validationpasses (checks Type + Function + Code sections are present)Fixes GRA-93
🤖 Generated with Claude Code