Don't leak when panics/traps happen

Author: alexcrichton

crates/api/src/trampoline/func.rs

@@ -2,7 +2,7 @@
 
 use super::create_handle::create_handle;
 use super::trap::TrapSink;
-use crate::{Callable, FuncType, Store, Val};
+use crate::{Callable, FuncType, Store, Trap, Val};
 use anyhow::{bail, Result};
 use std::cmp;
 use std::convert::TryFrom;
@@ -71,43 +71,21 @@ unsafe extern "C" fn stub_fn(
     call_id: u32,
     values_vec: *mut i128,
 ) {
-    let mut instance = InstanceHandle::from_vmctx(vmctx);
-
-    let (args, returns_len) = {
-        let module = instance.module_ref();
-        let signature = &module.signatures[module.functions[FuncIndex::new(call_id as usize)]];
-
-        let mut args = Vec::new();
-        for i in 2..signature.params.len() {
-            args.push(Val::read_value_from(
-                values_vec.offset(i as isize - 2),
-                signature.params[i].value_type,
-            ))
-        }
-        (args, signature.returns.len())
-    };
-
-    let mut returns = vec![Val::null(); returns_len];
-    let state = &instance
-        .host_state()
-        .downcast_mut::<TrampolineState>()
-        .expect("state");
-
     // Be sure to `catch_unwind` here in case our callable panics, and if so we
     // need to manually carry the panic across the JIT frames back to the
     // original call-site of wasm code. Note that eventually we may be able to
     // JIT code such that native unwinding can unwind through those frames, but
     // for now it's just easier to always catch panics.
-    let result = panic::catch_unwind(AssertUnwindSafe(|| state.func.call(&args, &mut returns)));
+    //
+    // Also note that there are intentionally no local variables on this stack
+    // frame. The reason for that is that some of the "raise" functions we have
+    // below will trigger a longjmp, which won't run local destructors if we
+    // have any. To prevent leaks we avoid having any local destructors by
+    // avoiding local variables.
+    let result = panic::catch_unwind(AssertUnwindSafe(|| call_stub(vmctx, call_id, values_vec)));
+
     match result {
-        // On success we write out all the results into the return pointer that
-        // we were given.
-        Ok(Ok(())) => {
-            for (i, r#return) in returns.iter_mut().enumerate() {
-                // TODO check signature.returns[i].value_type ?
-                r#return.write_value_to(values_vec.add(i));
-            }
-        }
+        Ok(Ok(())) => {}
 
         // If a trap was raised (an error returned from the imported function)
         // then we smuggle the trap through `Box<dyn Error>` through to the
@@ -121,6 +99,40 @@ unsafe extern "C" fn stub_fn(
         // platforms.
         Err(panic) => wasmtime_runtime::resume_panic(panic),
     }
+
+    unsafe fn call_stub(
+        vmctx: *mut VMContext,
+        call_id: u32,
+        values_vec: *mut i128,
+    ) -> Result<(), Trap> {
+        let mut instance = InstanceHandle::from_vmctx(vmctx);
+
+        let (args, returns_len) = {
+            let module = instance.module_ref();
+            let signature = &module.signatures[module.functions[FuncIndex::new(call_id as usize)]];
+
+            let mut args = Vec::new();
+            for i in 2..signature.params.len() {
+                args.push(Val::read_value_from(
+                    values_vec.offset(i as isize - 2),
+                    signature.params[i].value_type,
+                ))
+            }
+            (args, signature.returns.len())
+        };
+
+        let mut returns = vec![Val::null(); returns_len];
+        let state = &instance
+            .host_state()
+            .downcast_mut::<TrampolineState>()
+            .expect("state");
+        state.func.call(&args, &mut returns)?;
+        for (i, r#return) in returns.iter_mut().enumerate() {
+            // TODO check signature.returns[i].value_type ?
+            r#return.write_value_to(values_vec.add(i));
+        }
+        Ok(())
+    }
 }
 
 /// Create a trampoline for invoking a Callable.