From bd97091cbb4fd12cd323cedfa11f4c6f33250958 Mon Sep 17 00:00:00 2001
From: Diego <96022404+dzfrias@users.noreply.github.com>
Date: Sun, 16 Jun 2024 09:55:51 -0700
Subject: [PATCH] LibWasm: Ensure that `global.get` only accesses imports in
 const exprs

---
 .../Libraries/LibWasm/AbstractMachine/AbstractMachine.cpp | 8 +++++---
 .../LibWasm/AbstractMachine/BytecodeInterpreter.cpp       | 3 +++
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/Userland/Libraries/LibWasm/AbstractMachine/AbstractMachine.cpp b/Userland/Libraries/LibWasm/AbstractMachine/AbstractMachine.cpp
index 403add53619..8505d31f005 100644
--- a/Userland/Libraries/LibWasm/AbstractMachine/AbstractMachine.cpp
+++ b/Userland/Libraries/LibWasm/AbstractMachine/AbstractMachine.cpp
@@ -206,6 +206,8 @@ InstantiationResult AbstractMachine::instantiate(Module const& module, Vector<Ex
     for (auto& entry : externs) {
         if (auto* ptr = entry.get_pointer<GlobalAddress>())
             auxiliary_instance.globals().append(*ptr);
+        else if (auto* ptr = entry.get_pointer<FunctionAddress>())
+            auxiliary_instance.functions().append(*ptr);
     }
 
     Vector<FunctionAddress> module_functions;
@@ -253,7 +255,7 @@ InstantiationResult AbstractMachine::instantiate(Module const& module, Vector<Ex
                 if (m_should_limit_instruction_count)
                     config.enable_instruction_count_limit();
                 config.set_frame(Frame {
-                    main_module_instance,
+                    auxiliary_instance,
                     Vector<Value> {},
                     entry,
                     entry.instructions().size(),
@@ -306,7 +308,7 @@ InstantiationResult AbstractMachine::instantiate(Module const& module, Vector<Ex
             if (m_should_limit_instruction_count)
                 config.enable_instruction_count_limit();
             config.set_frame(Frame {
-                main_module_instance,
+                auxiliary_instance,
                 Vector<Value> {},
                 active_ptr->expression,
                 1,
@@ -361,7 +363,7 @@ InstantiationResult AbstractMachine::instantiate(Module const& module, Vector<Ex
                     if (m_should_limit_instruction_count)
                         config.enable_instruction_count_limit();
                     config.set_frame(Frame {
-                        main_module_instance,
+                        auxiliary_instance,
                         Vector<Value> {},
                         data.offset,
                         1,
diff --git a/Userland/Libraries/LibWasm/AbstractMachine/BytecodeInterpreter.cpp b/Userland/Libraries/LibWasm/AbstractMachine/BytecodeInterpreter.cpp
index 1dd6d506d8d..1b229c07ec2 100644
--- a/Userland/Libraries/LibWasm/AbstractMachine/BytecodeInterpreter.cpp
+++ b/Userland/Libraries/LibWasm/AbstractMachine/BytecodeInterpreter.cpp
@@ -728,6 +728,9 @@ void BytecodeInterpreter::interpret(Configuration& configuration, InstructionPoi
     }
     case Instructions::global_get.value(): {
         auto global_index = instruction.arguments().get<GlobalIndex>();
+        // This check here is for const expressions. In non-const expressions,
+        // a validation error would have been thrown.
+        TRAP_IF_NOT(global_index < configuration.frame().module().globals().size());
         auto address = configuration.frame().module().globals()[global_index.value()];
         dbgln_if(WASM_TRACE_DEBUG, "global({}) -> stack", address.value());
         auto global = configuration.store().get(address);