From 9adf74a95ac2d1796fe0d1259daabccdc46326f7 Mon Sep 17 00:00:00 2001 From: Philip Craig Date: Wed, 20 Mar 2024 14:19:46 +1000 Subject: [PATCH 1/3] read/wasm: validate function indices --- src/read/wasm.rs | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/read/wasm.rs b/src/read/wasm.rs index cdb2e429..73b6729b 100644 --- a/src/read/wasm.rs +++ b/src/read/wasm.rs @@ -205,8 +205,9 @@ impl<'data, R: ReadRef<'data>> WasmFile<'data, R> { if let Some(local_func_id) = export.index.checked_sub(imported_funcs_count) { - let local_func_kind = - &mut local_func_kinds[local_func_id as usize]; + let local_func_kind = local_func_kinds + .get_mut(local_func_id as usize) + .read_error("Invalid Wasm export index")?; if let LocalFunctionKind::Unknown = local_func_kind { *local_func_kind = LocalFunctionKind::Exported { symbol_ids: Vec::new(), @@ -273,7 +274,9 @@ impl<'data, R: ReadRef<'data>> WasmFile<'data, R> { file.entry = address; } - let local_func_kind = &mut local_func_kinds[i]; + let local_func_kind = local_func_kinds + .get_mut(i) + .read_error("Invalid Wasm code section index")?; match local_func_kind { LocalFunctionKind::Unknown => { *local_func_kind = LocalFunctionKind::Local { From 25fdef30a238a56435ad63479120dcae79883182 Mon Sep 17 00:00:00 2001 From: Philip Craig Date: Wed, 20 Mar 2024 14:21:07 +1000 Subject: [PATCH 2/3] read/wasm: don't try to parse components The current code is only designed to support a single module. --- src/read/mod.rs | 2 +- src/read/wasm.rs | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/read/mod.rs b/src/read/mod.rs index 60e50d65..9c866ef1 100644 --- a/src/read/mod.rs +++ b/src/read/mod.rs 
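Review bot: The two new `get_mut(..).read_error(..)?` lookups (the export hunk at -205 and the code-section hunk at -273) have no comment saying why plain indexing is wrong here, so a later cleanup could turn them back into `local_func_kinds[..]`. Both indices come from file contents: `export.index` minus the import count, and the running code-entry counter `i`. Neither is bounded by the length of `local_func_kinds`, so a malformed file can push them past the end. I would add above each lookup `// Index is taken from the file and may exceed the declared function count; return a read error instead of panicking.` The diffstat shows only src/read/wasm.rs changed, so no malformed-input regression test pins this behaviour. Both enclosing blocks start and end outside the hunks.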
@@ -307,7 +307,7 @@ impl FileKind { #[cfg(feature = "macho")] [0xca, 0xfe, 0xba, 0xbf, ..] => FileKind::MachOFat64, #[cfg(feature = "wasm")] - [0x00, b'a', b's', b'm', ..] => FileKind::Wasm, + [0x00, b'a', b's', b'm', _, _, 0x00, 0x00] => FileKind::Wasm, #[cfg(feature = "pe")] [b'M', b'Z', ..] if offset == 0 => { // offset == 0 restriction is because optional_header_magic only looks at offset 0 diff --git a/src/read/wasm.rs b/src/read/wasm.rs index 73b6729b..b1705df8 100644 --- a/src/read/wasm.rs +++ b/src/read/wasm.rs @@ -113,6 +113,11 @@ impl<'data, R: ReadRef<'data>> WasmFile<'data, R> { let payload = payload.read_error("Invalid Wasm section header")?; match payload { + wp::Payload::Version { encoding, .. } => { + if encoding != wp::Encoding::Module { + return Err(Error("Unsupported Wasm encoding")); + } + } wp::Payload::TypeSection(section) => { file.add_section(SectionId::Type, section.range(), ""); } From 6b4adc8b2005509db8b191820be2704fd91cbaf5 Mon Sep 17 00:00:00 2001 From: Philip Craig Date: Wed, 20 Mar 2024 14:22:11 +1000 Subject: [PATCH 3/3] read/wasm: handle tag sections --- src/read/wasm.rs | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/read/wasm.rs b/src/read/wasm.rs index b1705df8..6c96f43c 100644 --- a/src/read/wasm.rs +++ b/src/read/wasm.rs @@ -32,9 +32,10 @@ enum SectionId { Code = 10, Data = 11, DataCount = 12, + Tag = 13, } // Update this constant when adding new section id: -const MAX_SECTION_ID: usize = SectionId::DataCount as usize; +const MAX_SECTION_ID: usize = SectionId::Tag as usize; /// A WebAssembly object file. #[derive(Debug)] @@ -314,6 +315,9 @@ impl<'data, R: ReadRef<'data>> WasmFile<'data, R> { wp::Payload::DataCountSection { range, .. } => { file.add_section(SectionId::DataCount, range, ""); } + wp::Payload::TagSection(section) => { + file.add_section(SectionId::Tag, section.range(), ""); + } wp::Payload::CustomSection(section) => { let name = section.name(); let size = section.data().len(); 
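Review bot: The new magic pattern `[0x00, b'a', b's', b'm', _, _, 0x00, 0x00]` in the FileKind hunk is undocumented and, unlike the neighbouring arms, has no trailing `..`. It therefore matches only when the scrutinee is exactly eight bytes long. The scrutinee is outside this hunk, so confirm it is a fixed eight-byte array, otherwise the arm never fires. A comment would make the intent reviewable: `// Bytes 4..6 are the version, bytes 6..8 the layer; layer 0 is a core module, components use a non-zero layer and are not supported.` Files that fail this arm fall through to the later ones, so this pattern and the `wp::Payload::Version` check added in wasm.rs need to stay in agreement.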
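Review bot: `MAX_SECTION_ID` in the `SectionId` hunk is still kept in sync by hand, guarded only by the comment above it. If a table is sized from this constant and indexed by `SectionId as usize` (not visible in this hunk), a missed update on the next new variant becomes an out-of-bounds index while parsing. I would at least state the invariant in the comment: `// Must equal the highest SectionId discriminant: tables indexed by section id are sized from it.` The enum starts outside the hunk.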
@@ -691,6 +695,7 @@ impl<'data, 'file, R: ReadRef<'data>> ObjectSection<'data> for WasmSection<'data SectionId::Code => "", SectionId::Data => "", SectionId::DataCount => "", + SectionId::Tag => "", }) } @@ -723,6 +728,7 @@ impl<'data, 'file, R: ReadRef<'data>> ObjectSection<'data> for WasmSection<'data SectionId::Code => SectionKind::Text, SectionId::Data => SectionKind::Data, SectionId::DataCount => SectionKind::UninitializedData, + SectionId::Tag => SectionKind::Data, } }
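Review bot: The `SectionId::Tag => SectionKind::Data` arm in the last hunk needs either a second look or a comment. A tag section declares exception tags by type index rather than holding initialised data, so it may belong with whatever kind the Type and Function sections map to; those arms are outside the hunk. If `Data` is intended, a short comment such as `// Tag declarations have no closer SectionKind.` would record the decision. The match starts outside the hunk.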