Panic in `wasmtime::component::Component::from_binary` with a truncated WASM component file

[maxbrunsfeld]

Test Case

Wasm file: truncated.wasm.zip

Steps to Reproduce

const TRUNCATED_WASM: &[u8] = include_bytes!("truncated.wasm");

async fn test() {
    let mut config = wasmtime::Config::new();
    config.wasm_component_model(true);
    config.async_support(true);

    let engine = wasmtime::Engine::new(&config).unwrap();

    wasmtime::component::Component::from_binary(&engine, TRUNCATED_WASM).await;
}

Expected Results

The Component::from_binary call should return an Err value.

Actual Results

Thread "main" panicked with "range end index 267037 out of range for slice of length 253952" at ~.cargo/registry/src/index.crates.io-6f17d22bba15001f/wasmtime-environ-19.0.0/src/component/translate.rs:537:46

   5: core::panicking::panic_fmt
             at /rustc/25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04/library/core/src/panicking.rs:72:14
   6: core::slice::index::slice_end_index_len_fail_rt
             at /rustc/25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04/library/core/src/slice/index.rs:76:5
      core::slice::index::slice_end_index_len_fail
             at /rustc/25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04/library/core/src/slice/index.rs:68:9
   7: <core::ops::range::Range<usize> as core::slice::index::SliceIndex<[T]>>::index
             at /rustc/25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04/library/core/src/slice/index.rs:394:13
      core::slice::index::<impl core::ops::index::Index<I> for [T]>::index
             at /rustc/25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04/library/core/src/slice/index.rs:18:9
      wasmtime_environ::component::translate::Translator::translate_payload
             at /home/luke/.cargo/registry/src/index.crates.io-6f17d22bba15001f/wasmtime-environ-19.0.0/src/component/translate.rs:537:46
   8: wasmtime_environ::component::translate::Translator::translate
             at /home/luke/.cargo/registry/src/index.crates.io-6f17d22bba15001f/wasmtime-environ-19.0.0/src/component/translate.rs:329:19
   9: wasmtime::compile::build_component_artifacts
             at /home/luke/.cargo/registry/src/index.crates.io-6f17d22bba15001f/wasmtime-19.0.0/src/compile.rs:127:9
      wasmtime::runtime::component::component::Component::from_binary
             at /home/luke/.cargo/registry/src/index.crates.io-6f17d22bba15001f/wasmtime-19.0.0/src/runtime/component/component.rs:234:41

Versions and Environment

Wasmtime version or commit: 19.0.0
Operating system: macOS
Architecture: aarch64

Extra Info

• We produced this binary by taking a valid wasm component, and then truncating it a certain offset.
• We can work around this bug for now by validating the components with wasmparser before attempting to instantiate them.

[fitzgen]

Thanks!

FWIW, also reproduces with

cargo run -- compile testcase.wasm

[fitzgen]

Fix in #8323

@maxbrunsfeld do you want us to cut a point release with this fix?

[maxbrunsfeld]

That'd be great! Thanks @fitzgen.

[fitzgen]

Backport in #8325