Fix out-of-bounds read in wasm loader (#156)

Author: greenknot

core/iwasm/runtime/vmcore-wasm/wasm_loader.c

@@ -55,7 +55,15 @@ read_leb(const uint8 *buf, const uint8 *buf_end,
     uint64 byte;
 
     while (true) {
-        CHECK_BUF(buf, buf_end, 1);
+        /* Check if the byte count exteeds the max byte count allowed */
+        if (bcnt + 1 > (maxbits + 6) / 7) {
+            set_error_buf(error_buf, error_buf_size,
+                          "WASM module load failed: "
+                          "integer representation too long");
+            return false;
+        }
+        /* Check buffer */
+        CHECK_BUF(buf, buf_end, *p_offset + 1);
         byte = buf[*p_offset];
         *p_offset += 1;
         result |= ((byte & 0x7f) << shift);
@@ -66,13 +74,6 @@ read_leb(const uint8 *buf, const uint8 *buf_end,
         }
     }
 
-    if (bcnt > (maxbits + 6) / 7) {
-        set_error_buf(error_buf, error_buf_size,
-                      "WASM module load failed: "
-                      "integer representation too long");
-        return false;
-    }
-
     if (!sign && maxbits == 32 && shift >= maxbits) {
         /* The top bits set represent values > 32 bits */
         if (((uint8)byte) & 0xf0)