Undefined behavior in wasi implementation (and public-facing API is error prone)

[SoniEx2]

The wasi implementation is full of code like (e.g.)

m3ApiRawFunction(m3_wasi_generic_args_sizes_get)
{
    m3ApiReturnType  (uint32_t)
    m3ApiGetArgMem   (__wasi_size_t *      , argc)
    m3ApiGetArgMem   (__wasi_size_t *      , argv_buf_size)

    m3ApiCheckMem(argc,             sizeof(__wasi_size_t));
    m3ApiCheckMem(argv_buf_size,    sizeof(__wasi_size_t));

but this can create UB by blowing past the end of the allocated memory when doing m3ApiGetArgMem. Simply blowing past the allocation is enough to make it UB, regardless of the presence of m3ApiCheckMem.

This entire m3ApiGetArgMem API is extremely error-prone.

[vshymanskyy]

Any suggestions on how to fix it?

[SoniEx2]

we would get rid of m3ApiGetArgMem entirely.

m3ApiCheckMem seems inherently unsound too, as in most cases you'd either be passing valid pointers which pass the mem check, or you'd be passing invalid pointers which are UB. so that would have to be replaced.

alternatively: instead of getting rid of m3ApiGetArgMem, we could bake m3ApiCheckMem into it, but without the UB, and get rid of m3ApiCheckMem instead.

edit: hmm m3ApiCheckMem actually looks fine for use on arrays... but the initial m3ApiGetArgMem should have its own checks.

[SoniEx2]

another problem with m3ApiGetArgMem is pointer alignment...