Bug when accessing string compiled into binary

[cmichi]

I believe I found a bug in one of the polkavm components. I've put the reproducer here.

The reproducer program tries to output a string that is already present in its own blob (in the .data section, I think). But instead of printing the intended string ("Success" in the reproducer) we get an artifact from another string present in the blob. The length of the printed string is correct, the output is just a different part of another string from the blob.

cd examples/program-for-bug/
cargo +nightly build --release --no-default-features --target ../../crates/polkavm-linker/riscv64emac-unknown-none-polkavm.json -Zbuild-std="core,alloc" 

cd ../trigger-bug/
INPUT=../program-for-bug/target/riscv64emac-unknown-none-polkavm/release/program-for-bug cargo run

The output will be along the lines of

Calling into the guest program:
print: "heap: the nul"
print: "stack: "
print: "the nul"

This is wrong, it should be

Calling into the guest program:
print: "heap: Success"
print: "stack: Success"

The string the nul is present in the blob and part of a longer string. This can be checked via strings $INPUT. The length (7) corresponds to the length of "Success".

The bug also occurs if I use a different Rust version or don't use an allocator. If I don't include an allocator, the fragment that is output is just different.

Compiling program-for-bug without --release seems to mitigate the bug at least for the heap variant:

Calling into the guest program:
print: "heap: Success"
thread 'main' panicked at examples/trigger-bug/src/main.rs:48:10:
called `Result::unwrap()` on an `Err` value: Trap