Index: lib/Object/WasmObjectFile.cpp
===================================================================
--- lib/Object/WasmObjectFile.cpp
+++ lib/Object/WasmObjectFile.cpp
@@ -768,8 +768,13 @@ Error WasmObjectFile::parseFunctionSection(const uint8_t *Ptr, const uint8_t *End) {
 uint32_t Count = readVaruint32(Ptr);
 FunctionTypes.reserve(Count);
+ uint32_t MaxType = Signatures.size();
 while (Count--) {
- FunctionTypes.push_back(readVaruint32(Ptr));
+ uint32_t Type = readVaruint32(Ptr);
+ if (Type >= MaxType)
+ return make_error("Invalid function type index",
+ object_error::parse_failed);
+ FunctionTypes.push_back(Type);
 }
 if (Ptr != End)
 return make_error("Function section ended prematurely",
Index: test/ObjectYAML/wasm/export_section.yaml
===================================================================
--- test/ObjectYAML/wasm/export_section.yaml
+++ test/ObjectYAML/wasm/export_section.yaml
@@ -3,6 +3,11 @@
 FileHeader:
 Version: 0x00000001
 Sections:
+ - Type: TYPE
+ Signatures:
+ - Index: 0
+ ReturnType: NORESULT
+ ParamTypes:
 - Type: FUNCTION
 FunctionTypes: [ 0, 0 ]
 - Type: GLOBAL
Index: test/ObjectYAML/wasm/function_section.yaml
===================================================================
--- test/ObjectYAML/wasm/function_section.yaml
+++ test/ObjectYAML/wasm/function_section.yaml
@@ -3,6 +3,15 @@
 FileHeader:
 Version: 0x00000001
 Sections:
+ - Type: TYPE
+ Signatures:
+ - Index: 0
+ ReturnType: NORESULT
+ ParamTypes:
+ - Index: 1
+ ReturnType: NORESULT
+ ParamTypes:
+ - I32
 - Type: FUNCTION
 FunctionTypes: [ 1, 0 ]
 - Type: CODE
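Review bot: In parseFunctionSection (lib/Object/WasmObjectFile.cpp), `Count` still comes straight from the file and is passed to `FunctionTypes.reserve(Count)` unbounded, so the new type-index check does not stop a malformed section from requesting a very large reservation. The loop also calls `readVaruint32(Ptr)` `Count` times and compares `Ptr` with `End` only after it finishes; whether `readVaruint32` bounds its own reads is not visible in this hunk. Every LEB128 value occupies at least one byte, so a guard ahead of the reserve such as `if (Count > static_cast<size_t>(End - Ptr))`, returning the same `object_error::parse_failed` error, would cap both the reservation and the number of reads. The YAML changes only make the existing inputs valid, so a test with an out-of-range type index would pin the new error path. The function body continues past the last line of the hunk.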