From 00fa5061a19fab64535ff2f99e97234eed72be29 Mon Sep 17 00:00:00 2001
From: Alon Zakai
Date: Tue, 17 Mar 2026 13:11:11 -0700
Subject: [PATCH] [Stack Switching] Trap on cont.bind of a null continuation
---
 src/wasm-interpreter.h | 7 ++++++-
 test/lit/exec/cont_bindings.wast | 11 +++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/src/wasm-interpreter.h b/src/wasm-interpreter.h
index 369745d0b67..bd669ef2cef 100644
--- a/src/wasm-interpreter.h
+++ b/src/wasm-interpreter.h
@@ -4770,9 +4770,14 @@ class ModuleRunnerBase : public ExpressionRunner {
 VISIT_ARGUMENTS(flow, curr->operands, arguments)
 VISIT(cont, curr->cont)
+ auto contValue = cont.getSingleValue();
+ if (contValue.isNull()) {
+ trap("null ref");
+ }
+
 // Create a new continuation, copying the old but with the new type +
 // arguments.
- auto old = cont.getSingleValue().getContData();
+ auto old = contValue.getContData();
 auto newData = *old;
 newData.type = curr->type.getHeapType();
 for (auto arg : arguments) {
diff --git a/test/lit/exec/cont_bindings.wast b/test/lit/exec/cont_bindings.wast
index ace6eac773c..c6e4b75572a 100644
--- a/test/lit/exec/cont_bindings.wast
+++ b/test/lit/exec/cont_bindings.wast
@@ -43,5 +43,16 @@
 )
 )
 )
+
+ ;; CHECK: [fuzz-exec] calling null-binding
+ ;; CHECK-NEXT: [trap null ref]
+ (func $null-binding (export "null-binding")
+ (drop
+ (cont.bind $C1 $C2
+ (i32.const 42)
+ (ref.null $C1)
+ )
+ )
+ )
 )
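Review bot: Only a null operand is rejected before `auto newData = *old;` copies the continuation's state in the src/wasm-interpreter.h hunk. Nothing visible here shows what happens when the same continuation reference is bound or resumed a second time, and continuations in the stack-switching proposal are one-shot. The body of this visitor continues past the hunk, so that case may already be handled below. If it is not, it deserves a trap next to the null check and a sibling of `$null-binding` in cont_bindings.wast. Until then I would leave a marker at the new guard, e.g. `// TODO: also trap when the continuation was already consumed (one-shot).`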