[webkit-changes] [WebKit/WebKit] d42627: [JSC] new Wasm BBQ should check pointer after zero...

Yusuke Suzuki noreply at github.com
Fri Feb 17 17:43:17 PST 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: d42627301896800ea50894c5c851c7f2eef1fb81
      https://github.com/WebKit/WebKit/commit/d42627301896800ea50894c5c851c7f2eef1fb81
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2023-02-17 (Fri, 17 Feb 2023)

  Changed paths:
    M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp

  Log Message:
  -----------
  [JSC] new Wasm BBQ should check pointer after zero-extend
https://bugs.webkit.org/show_bug.cgi?id=252510
rdar://105618299

Reviewed by Justin Michaud.

A Wasm address is a 32-bit value and there is no guarantee that the upper bits are cleared.
We need to first zero-extend it to use it as a 64-bit pointer. The rest of the wasm tiers
are doing it, but the new wasm baseline JIT has a bug. This patch fixes it.

* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJIT::emitCheckAndPreparePointer):

Canonical link: https://commits.webkit.org/260484@main
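
The ordering requirement described in the log message, as an added example that is not WebKit code and not part of the original commit. It models a 64-bit register that carries a 32-bit wasm address with undefined upper bits; the function names, the 64 KiB memory size and the exact shape of the flawed path are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: low 32 bits hold the wasm i32 address,
 * upper 32 bits are whatever earlier code left in the register. */
typedef uint64_t reg64;

#define MEM_SIZE 0x10000u /* constructed linear-memory size (64 KiB) */

/* Zero-extension: keep the low 32 bits, clear the upper 32. */
static reg64 zero_extend32(reg64 r) { return (uint64_t)(uint32_t)r; }

/* Assumed flawed ordering: the bounds check sees the 32-bit address,
 * but the offset handed to the access is the uncleaned register. */
bool prepare_unextended(reg64 r, uint32_t size, uint64_t *offset_out)
{
    uint32_t addr = (uint32_t)r;
    if ((uint64_t)addr + size > MEM_SIZE)
        return false;          /* would trap */
    *offset_out = r;           /* upper bits still present */
    return true;
}

/* Corrected ordering: zero-extend first, then check and use one value. */
bool prepare_zero_extended(reg64 r, uint32_t size, uint64_t *offset_out)
{
    reg64 p = zero_extend32(r);
    if (p + size > MEM_SIZE)
        return false;          /* would trap */
    *offset_out = p;
    return true;
}

/* True when [offset, offset + size) lies inside linear memory. */
bool offset_in_bounds(uint64_t offset, uint32_t size)
{
    return offset <= MEM_SIZE && size <= MEM_SIZE - offset;
}

int main(void)
{
    reg64 dirty = 0xDEADBEEF00000100ull; /* constructed: address 0x100, dirty upper half */
    uint64_t off = 0;
    bool ok = prepare_unextended(dirty, 4, &off);
    printf("unextended:    pass=%d in_bounds=%d\n", ok, offset_in_bounds(off, 4));
    ok = prepare_zero_extended(dirty, 4, &off);
    printf("zero-extended: pass=%d in_bounds=%d\n", ok, offset_in_bounds(off, 4));
    return 0;
}
```
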
