From 315b87c718d6c8dc9c60b48cf1c5bf24d22184de Mon Sep 17 00:00:00 2001
From: Patrick Ventuzelo <ventuzelo.patrick@gmail.com>
Date: Wed, 18 Sep 2019 10:28:49 +0200
Subject: [PATCH 1/2] check index before accessing imports.globals

---
 lib/runtime-core/src/backing.rs | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/lib/runtime-core/src/backing.rs b/lib/runtime-core/src/backing.rs
index 814dc56e79c..710471d158f 100644
--- a/lib/runtime-core/src/backing.rs
+++ b/lib/runtime-core/src/backing.rs
@@ -149,6 +149,11 @@ impl LocalBacking {
                     }]);
                 }
                 Initializer::GetGlobal(import_global_index) => {
+                    if import_global_index.index() >= imports.globals.len() {
+                        return Err(vec![LinkError::Generic {
+                            message: "incorrect global index for initializer".to_string(),
+                        }]);
+                    }
                     if let Value::I32(x) = imports.globals[import_global_index].get() {
                         x as u32
                     } else {
@@ -205,6 +210,11 @@ impl LocalBacking {
                     }]);
                 }
                 Initializer::GetGlobal(import_global_index) => {
+                    if import_global_index.index() >= imports.globals.len() {
+                        return Err(vec![LinkError::Generic {
+                            message: "incorrect global index for initializer".to_string(),
+                        }]);
+                    }
                     if let Value::I32(x) = imports.globals[import_global_index].get() {
                         x as u32
                     } else {
@@ -273,6 +283,11 @@ impl LocalBacking {
                     }]);
                 }
                 Initializer::GetGlobal(import_global_index) => {
+                    if import_global_index.index() >= imports.globals.len() {
+                        return Err(vec![LinkError::Generic {
+                            message: "incorrect global index for initializer".to_string(),
+                        }]);
+                    }
                     if let Value::I32(x) = imports.globals[import_global_index].get() {
                         x as u32
                     } else {
@@ -326,6 +341,11 @@ impl LocalBacking {
                     }]);
                 }
                 Initializer::GetGlobal(import_global_index) => {
+                    if import_global_index.index() >= imports.globals.len() {
+                        return Err(vec![LinkError::Generic {
+                            message: "incorrect global index for initializer".to_string(),
+                        }]);
+                    }
                     if let Value::I32(x) = imports.globals[import_global_index].get() {
                         x as u32
                     } else {

From 08665f70852ea1d348540d43740a9a5c2feeda62 Mon Sep 17 00:00:00 2001
From: Patrick Ventuzelo <ventuzelo.patrick@gmail.com>
Date: Wed, 25 Sep 2019 09:28:47 +0200
Subject: [PATCH 2/2] change changelog

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1651f7ffbeb..6eca26c80c4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@ Blocks of changes will separated by version increments.
 
 ## **[Unreleased]**
 
+- [#809](https://github.com/wasmerio/wasmer/pull/809) Fix bugs leading to panics in `LocalBacking`.
 - [#790](https://github.com/wasmerio/wasmer/pull/790) Fix flaky test failure with LLVM, switch to large code model.
 - [#788](https://github.com/wasmerio/wasmer/pull/788) Use union merge on the changelog file.
 - [#785](https://github.com/wasmerio/wasmer/pull/785) Include Apache license file for spectests.