From db36158e7a5c150364e853735be140f1eef5bbcf Mon Sep 17 00:00:00 2001
From: Martin Fouilleul <martinfouilleul@gmail.com>
Date: Tue, 12 Sep 2023 17:06:01 +0200
Subject: [PATCH] check return pointer sizes in binding stubs

---
 scripts/bindgen.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/scripts/bindgen.py b/scripts/bindgen.py
index 53036ad..1eccf22 100755
--- a/scripts/bindgen.py
+++ b/scripts/bindgen.py
@@ -128,6 +128,12 @@ def bindgen(apiName, spec, **kwargs):
 					retTypeCName = decl['ret'].get('cname', retTypeName)
 					s += retTypeCName + '* __retPtr = (' + retTypeCName + '*)((char*)_mem + *(i32*)&_sp[0]);\n'
 
+					s += '\t{\n'
+					s += '\t\tOC_ASSERT(((char*)__retPtr >= (char*)_mem) && (((char*)__retPtr - (char*)_mem) < m3_GetMemorySize(runtime)), "return pointer is out of bounds");\n'
+					s += '\t\tOC_ASSERT((char*)__retPtr + sizeof(' + retTypeCName + ') <= ((char*)_mem + m3_GetMemorySize(runtime)), "return pointer is out of bounds");\n'
+					s += '\t}\n'
+
+
 			for argIndex, arg in enumerate(decl['args']):
 
 				argName = arg['name']
@@ -193,7 +199,7 @@ def bindgen(apiName, spec, **kwargs):
 						if typeCName.endswith('**') or (typeCName.startswith('void') == False and typeCName.startswith('const void') == False):
 							s += '*sizeof('+typeCName[:-1]+')'
 
-						s += ' <= ((char*)_mem + m3_GetMemorySize(runtime)), "parameter \''+argName+'\' overflows wasm memory");\n'
+						s += ' <= ((char*)_mem + m3_GetMemorySize(runtime)), "parameter \''+argName+'\' is out of bounds");\n'
 						s += '\t}\n'
 
 			s += '\t'