kanaka / wac

WebAssembly interpreter in C

heap-buffer-overflow in setup_call #19

Open haruki3hhh opened 6 months ago

haruki3hhh commented 6 months ago

Version

385e13ca840100f70d05781f45209da82fb6c45c

Compile

CFLAGS="-g -fsanitize=address" make

ASAN Report

root@9dc6ce043bcb:~/Ablation/wasm-fuzz/fuzz_out_wac/crashes# ./wace id:000207,sig:11,src:001719,op:python,pos:0
=================================================================
==6667==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf46029f4 at pc 0x56652d14 bp 0xffff6568 sp 0xffff6558
READ of size 4 at 0xf46029f4 thread T0
    #0 0x56652d13 in setup_call /root/Ablation/wac-asan/wa.c:525
    #1 0x566544fb in interpret /root/Ablation/wac-asan/wa.c:738
    #2 0x56665459 in load_module /root/Ablation/wac-asan/wa.c:1911
    #3 0x566670e9 in main /root/Ablation/wac-asan/wace.c:64
    #4 0xf7472ed4 in __libc_start_main ../csu/libc-start.c:308
    #5 0x5664a704 in _start (/root/Ablation/wac-asan/wace+0x3704)

0xf46029f4 is located 4 bytes to the right of 112-byte region [0xf4602980,0xf46029f0)
allocated by thread T0 here:
    #0 0xf7ac59f7 in __interceptor_calloc ../../../../../src/libsanitizer/asan/asan_malloc_linux.cc:153
    #1 0x56666299 in acalloc /root/Ablation/wac-asan/platform_libc.c:16
    #2 0x56660a22 in load_module /root/Ablation/wac-asan/wa.c:1502
    #3 0x566670e9 in main /root/Ablation/wac-asan/wace.c:64
    #4 0xf7472ed4 in __libc_start_main ../csu/libc-start.c:308

SUMMARY: AddressSanitizer: heap-buffer-overflow /root/Ablation/wac-asan/wa.c:525 in setup_call

Reproduce

./wace https://github.com/haruki3hhh/fuzzing/blob/main/wac/id%3A000207%2Csig%3A11%2Csrc%3A001719%2Cop%3Apython%2Cpos%3A0