[Stack Switching] Trap on cont.bind of a null continuation (#8477)

kripken · web-flow · commit 7c4a4284bed1 · 2026-03-17T14:37:18.000-07:00
Before this we asserted.
diff --git a/src/wasm-interpreter.h b/src/wasm-interpreter.h
@@ -4770,9 +4770,14 @@ class ModuleRunnerBase : public ExpressionRunner<SubType> {
     VISIT_ARGUMENTS(flow, curr->operands, arguments)
     VISIT(cont, curr->cont)
 
+    auto contValue = cont.getSingleValue();
+    if (contValue.isNull()) {
+      trap("null ref");
+    }
+
     // Create a new continuation, copying the old but with the new type +
     // arguments.
-    auto old = cont.getSingleValue().getContData();
+    auto old = contValue.getContData();
     auto newData = *old;
     newData.type = curr->type.getHeapType();
     for (auto arg : arguments) {
diff --git a/test/lit/exec/cont_bindings.wast b/test/lit/exec/cont_bindings.wast
@@ -43,5 +43,16 @@
    )
   )
  )
+
+ ;; CHECK:      [fuzz-exec] calling null-binding
+ ;; CHECK-NEXT: [trap null ref]
+ (func $null-binding (export "null-binding")
+  (drop
+   (cont.bind $C1 $C2
+    (i32.const 42)
+    (ref.null $C1)
+   )
+  )
+ )
 )
 

Original file line number	Diff line number	Diff line change
`@@ -43,5 +43,16 @@`
`43`	`43`	`)`
`44`	`44`	`)`
`45`	`45`	`)`
	`46`	`+`
	`47`	`+ ;; CHECK: [fuzz-exec] calling null-binding`
	`48`	`+ ;; CHECK-NEXT: [trap null ref]`
	`49`	`+ (func $null-binding (export "null-binding")`
	`50`	`+ (drop`
	`51`	`+ (cont.bind $C1 $C2`
	`52`	`+ (i32.const 42)`
	`53`	`+ (ref.null $C1)`
	`54`	`+ )`
	`55`	`+ )`
	`56`	`+ )`
`46`	`57`	`)`
`47`	`58`