[webkit-changes] [WebKit/WebKit] 9fbb6a: [JSC] Validate funcref from JS function
Yusuke Suzuki
noreply at github.com
Tue Jan 17 17:11:36 PST 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 9fbb6a1b55afd7c1d3a4fff33578dd334242bb6c
https://github.com/WebKit/WebKit/commit/9fbb6a1b55afd7c1d3a4fff33578dd334242bb6c
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2023-01-17 (Tue, 17 Jan 2023)
Changed paths:
A JSTests/wasm/stress/funcref-validation.js
A JSTests/wasm/stress/resources/funcref-validation.wasm
M Source/JavaScriptCore/wasm/WasmOperations.cpp
M Source/JavaScriptCore/wasm/WasmOperations.h
M Source/JavaScriptCore/wasm/js/WasmToJS.cpp
Log Message:
-----------
[JSC] Validate funcref from JS function
https://bugs.webkit.org/show_bug.cgi?id=250732
rdar://104332115
Reviewed by Justin Michaud and Mark Lam.
This patch fixes funcref validation from JS function. We need to ensure that funcref values from JS
are actually Wasm functions. Fortunately, our use of funcref from wasm is always validating them, so
it is just a semantic bug.
* JSTests/wasm/stress/funcref-validation.js: Added.
(async let):
* JSTests/wasm/stress/resources/funcref-validation.wasm: Added.
* Source/JavaScriptCore/wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/wasm/WasmOperations.h:
* Source/JavaScriptCore/wasm/js/WasmToJS.cpp:
(JSC::Wasm::wasmToJS):
Canonical link: https://commits.webkit.org/259011@main
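
The rule this commit enforces can be observed from script. The following is an added example, not code from the commit or from `funcref-validation.js`: per the WebAssembly JS API, a value an imported JS function returns as `funcref` must be `null` or an exported Wasm function, otherwise the call throws a `TypeError`. The module bytes and the names `m`, `f` and `g` are constructed for this illustration.

```javascript
// Constructed module (names "m", "f", "g" are made up for this example):
//   (type (func (result funcref)))
//   (import "m" "f" (func (type 0)))
//   (func (export "g") (type 0) call 0)
const MODULE_BYTES = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,       // magic, version 1
  0x01, 0x05, 0x01, 0x60, 0x00, 0x01, 0x70,             // type 0: () -> funcref
  0x02, 0x07, 0x01, 0x01, 0x6d, 0x01, 0x66, 0x00, 0x00, // import m.f : type 0
  0x03, 0x02, 0x01, 0x00,                               // function 1 : type 0
  0x07, 0x05, 0x01, 0x01, 0x67, 0x00, 0x01,             // export "g" = function 1
  0x0a, 0x06, 0x01, 0x04, 0x00, 0x10, 0x00, 0x0b,       // body: call 0; end
]);
const wasmModule = new WebAssembly.Module(MODULE_BYTES);

// Instantiate with an import that hands `returnValue` back to Wasm as a funcref.
function instantiate(returnValue) {
  return new WebAssembly.Instance(wasmModule, { m: { f: () => returnValue } });
}

// Report what happens when `returnValue` crosses the JS -> Wasm boundary as a funcref.
function classify(returnValue) {
  try {
    const result = instantiate(returnValue).exports.g();
    return result === null ? "null" : typeof result;
  } catch (e) {
    return e instanceof TypeError ? "TypeError" : `unexpected: ${e}`;
  }
}

// An exported Wasm function, taken from a second instance of the same module.
const wasmFunction = instantiate(null).exports.g;

const results = {
  plainJsFunction: classify(function notWasm() {}), // rejected at the boundary
  plainObject: classify({}),                        // rejected at the boundary
  nullRef: classify(null),                          // accepted as ref.null
  exportedWasmFunction: classify(wasmFunction),     // accepted
};
console.log(results);
```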