Skip to content

fix: clear exec_env_tls when destroying exec_env #4774

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
teamchong wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix: clear exec_env_tls when destroying exec_env #4774

teamchong wants to merge 1 commit into from

Conversation

@teamchong
Copy link

@teamchong teamchong commented Dec 29, 2025
edited
Loading

Problem

When wasm_exec_env_destroy() is called, exec_env_tls (thread-local storage used by signal handlers for hardware bounds checking) may still point to the exec_env being destroyed. On subsequent WASM executions in the same thread, if a signal occurs (e.g., SIGSEGV for bounds checking), the signal handler accesses freed memory and crashes.

Solution

Clear exec_env_tls if it points to the exec_env being destroyed. This is a simple defensive check that prevents dangling pointer issues.

#ifdef OS_ENABLE_HW_BOUND_CHECK
    WASMExecEnv *current_tls = wasm_runtime_get_exec_env_tls();
    if (current_tls == exec_env) {
        wasm_runtime_set_exec_env_tls(NULL);
    }
#endif

Use Case

Daemon-style execution patterns (like Cloudflare Workers) where the same thread runs multiple WASM modules sequentially without forking. Each module creates its own exec_env, runs, then destroys it. Without this fix, the TLS can point to a destroyed exec_env, causing crashes on subsequent runs.

Testing

  • Tested in production daemon-style execution with 100+ consecutive AOT runs without crashes
  • No regression in existing tests expected (the fix only adds a NULL check)

Related

@teamchong
fix: clear exec_env_tls when destroying exec_env
628d411 
When an exec_env is destroyed, check if it matches the current thread's
exec_env_tls and clear it to avoid dangling pointer issues.

Without this fix, in daemon-style execution where the same thread runs
multiple WASM modules sequentially (like Cloudflare Workers), the
exec_env_tls can point to freed memory after an exec_env is destroyed,
causing crashes on subsequent executions when the signal handler tries
to access it.

This is critical for AOT mode with hardware bounds checking enabled,
where signal handlers rely on exec_env_tls to handle SIGSEGV properly.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@loganek loganek Awaiting requested review from loganek loganek is a code owner

@lum1n0us lum1n0us Awaiting requested review from lum1n0us lum1n0us is a code owner

@no1wudi no1wudi Awaiting requested review from no1wudi no1wudi is a code owner

@TianlongLiang TianlongLiang Awaiting requested review from TianlongLiang TianlongLiang is a code owner

@yamt yamt Awaiting requested review from yamt yamt is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@teamchong