From c7b4af9171a9157bc7f34162ff2fe08eb34cea7b Mon Sep 17 00:00:00 2001
From: Yi LIU
Date: Sat, 14 Feb 2026 00:01:25 +0800
Subject: [PATCH] Fix doStoreLane falling through on OOB memory access

When the memory range check fails in doStoreLane, the function called trap() but did not return, causing execution to fall through into the lane extraction and write code with a null/invalid memory range.
---
 src/engine/v3/V3Interpreter.v3 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/engine/v3/V3Interpreter.v3 b/src/engine/v3/V3Interpreter.v3
index 3465c453f..d8a35978c 100644
--- a/src/engine/v3/V3Interpreter.v3
+++ b/src/engine/v3/V3Interpreter.v3
@@ -1562,7 +1562,7 @@ class V3Interpreter extends WasmStack {
 var v = pops();
 var t = decodeMemArgAndGetMemoryRange(accessor.size);
 var idx = codeptr.read1(); // get lane immediate
- if (t.reason != TrapReason.NONE) trap(t.reason);
+ if (t.reason != TrapReason.NONE) return void(trap(t.reason));
 // Extract lane
 var low = v.0, high = v.1;
 var val: T;
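Review bot: The guard on the `t.reason != TrapReason.NONE` line is now the only thing keeping the lane write from running after a failed bounds check, yet nothing at the site says the `return` is required, and the diffstat shows no regression test alongside the fix. Going by the commit message, trap() does not itself stop execution, so I would add a comment above the guard such as `// trap() does not unwind: return here so the lane write never runs with an invalid memory range`. Other helpers in V3Interpreter.v3 that consume the result of decodeMemArgAndGetMemoryRange are outside this hunk; it is worth confirming none of them still use a bare `trap(t.reason);` with no return. A test that issues a lane store at an out-of-range address and asserts both the trap and that memory is unchanged would pin the behaviour. The enclosing function's body starts and ends outside the hunk.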