[wasmer_clif_fork_wasm] index out of bounds panic in translation_utils::blocktype_params_results

[pventuzelo]

Describe the bug

Hi guys,

Just found a bug during fuzzing, that's a panic due to an index out of bounds triggered inside wasmer_clif_fork_wasm. The bug can be triggered using wasmer cli v0.16.2 or by calling the method wasmer_runtime::compile.

Bug is here: https://github.com/wasmerio/cranelift/blob/1083db8f68c8eff07e627f15b44d85d0c9f87c8b/cranelift-wasm/src/translation_utils.rs#L192-L196

Steps to reproduce

Download:
panic_oob_clif_fork.zip

$ echo "`wasmer -V` | `rustc -V` | `uname -m`"
wasmer 0.16.2 | rustc 1.42.0-nightly (859764425 2020-01-07) | x86_64
$ wasmer run panic_oob_clif_fork.wasm
thread 'main' panicked at 'index out of bounds: the len is 0 but the index is 0', /rustc/19bd93467617a447c22ec32cc1cf14d40cb84ccf/src/libcore/slice/mod.rs:2806:10
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace.

BACKTRACE

RUST_BACKTRACE=1 wasmer run panic_oob_clif_fork.wasm
thread 'main' panicked at 'index out of bounds: the len is 0 but the index is 0', /rustc/19bd93467617a447c22ec32cc1cf14d40cb84ccf/src/libcore/slice/mod.rs:2806:10
stack backtrace:
   0: backtrace::backtrace::libunwind::trace
             at /cargo/registry/src/git.luolix.top-1ecc6299db9ec823/backtrace-0.3.40/src/backtrace/libunwind.rs:88
   1: backtrace::backtrace::trace_unsynchronized
             at /cargo/registry/src/git.luolix.top-1ecc6299db9ec823/backtrace-0.3.40/src/backtrace/mod.rs:66
   2: std::sys_common::backtrace::_print_fmt
             at src/libstd/sys_common/backtrace.rs:84
   3: <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt
             at src/libstd/sys_common/backtrace.rs:61
   4: core::fmt::write
             at src/libcore/fmt/mod.rs:1025
   5: std::io::Write::write_fmt
             at src/libstd/io/mod.rs:1426
   6: std::sys_common::backtrace::_print
             at src/libstd/sys_common/backtrace.rs:65
   7: std::sys_common::backtrace::print
             at src/libstd/sys_common/backtrace.rs:50
   8: std::panicking::default_hook::{{closure}}
             at src/libstd/panicking.rs:193
   9: std::panicking::default_hook
             at src/libstd/panicking.rs:210
  10: std::panicking::rust_panic_with_hook
             at src/libstd/panicking.rs:471
  11: rust_begin_unwind
             at src/libstd/panicking.rs:375
  12: core::panicking::panic_fmt
             at src/libcore/panicking.rs:84
  13: core::panicking::panic_bounds_check
             at src/libcore/panicking.rs:62
  14: wasmer_clif_fork_wasm::translation_utils::blocktype_params_results
  15: wasmer_clif_fork_wasm::code_translator::translate_operator
  16: <wasmer_clif_backend::code::CraneliftFunctionCodeGenerator as wasmer_runtime_core::codegen::FunctionCodeGenerator<wasmer_clif_backend::code::CodegenError>>::feed_event
  17: wasmer_runtime_core::codegen::MiddlewareChain::run
  18: wasmer_runtime_core::parse::read_module
  19: <wasmer_runtime_core::codegen::StreamingCompiler<MCG,FCG,RM,E,CGEN> as wasmer_runtime_core::backend::Compiler>::compile
  20: wasmer_runtime_core::compile_with_config
  21: wasmer_runtime::compile_with_config_with
  22: wasmer::execute_wasm
  23: wasmer::main
  24: std::rt::lang_start::{{closure}}
  25: std::rt::lang_start_internal::{{closure}}
             at src/libstd/rt.rs:52
  26: std::panicking::try::do_call
             at src/libstd/panicking.rs:292
  27: __rust_maybe_catch_panic
             at src/libpanic_unwind/lib.rs:78
  28: std::panicking::try
             at src/libstd/panicking.rs:270
  29: std::panic::catch_unwind
             at src/libstd/panic.rs:394
  30: std::rt::lang_start_internal
             at src/libstd/rt.rs:51
  31: main
  32: __libc_start_main
  33: _start
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.

[syrusakbary]

This should be solved in the refactor. Closing the issue!