[webkit-changes] [WebKit/WebKit] 7214ee: Pad IPInt argumINTBytecode to an even size
Commit Queue
noreply at github.com
Thu Jan 23 11:45:13 PST 2025
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 7214ee02bbf60356b32d7742a49150415dbd9e60
https://github.com/WebKit/WebKit/commit/7214ee02bbf60356b32d7742a49150415dbd9e60
Author: Daniel Liu <daniel_liu4 at apple.com>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp
Log Message:
-----------
Pad IPInt argumINTBytecode to an even size
https://bugs.webkit.org/show_bug.cgi?id=286369
rdar://143407486
Reviewed by Yijia Huang and Mark Lam.
During local initialization, we default initialize locals all the way until we
hit the end of our local table. Because of IPInt's design, the local table is
aligned to an even size, meaning that we may read out of bounds by 1 from the
metadata vector. We need to pad this vector with an extra dummy element to make
sure we don't go out of bounds.
* Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp:
(JSC::Wasm::IPIntGenerator::finalize):
Canonical link: https://commits.webkit.org/289308@main
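As an added illustration (constructed here, not WebKit's code), a small model of the off-by-one the commit describes: the initializer walks the per-local metadata table two entries at a time, so a table with an odd number of entries gets read one past its end; `buildPaddedMetadata` mirrors the fix of appending a dummy element. All names and the two-at-a-time loop are assumptions of this model, not IPInt's actual layout.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical per-local metadata entry (constructed for this example).
struct LocalMetadata { uint8_t type; };

// The local table is rounded up to an even size, so the initializer
// visits this many slots regardless of the real local count.
static size_t alignedLocalCount(size_t numLocals) {
    return (numLocals + 1) & ~static_cast<size_t>(1);
}

struct InitResult {
    size_t inBoundsReads;  // metadata entries that actually exist
    size_t oobReads;       // reads past the end of the metadata vector
};

// Models default-initialization of locals. Instead of performing an
// out-of-bounds read, it counts how many the loop would have attempted.
static InitResult initializeLocals(const std::vector<LocalMetadata>& metadata,
                                   size_t numLocals) {
    InitResult r{0, 0};
    const size_t end = alignedLocalCount(numLocals);
    for (size_t i = 0; i < end; i += 2) {        // two locals per step
        for (size_t j = i; j < i + 2; ++j) {
            if (j < metadata.size())
                ++r.inBoundsReads;               // would read metadata[j].type
            else
                ++r.oobReads;                    // the read the bug report warns about
        }
    }
    return r;
}

// Before the fix: exactly one entry per local, so an odd count is off by one.
static std::vector<LocalMetadata> buildMetadata(size_t numLocals) {
    return std::vector<LocalMetadata>(numLocals, LocalMetadata{0});
}

// After the fix: pad to an even size with a dummy entry that is never a real local.
static std::vector<LocalMetadata> buildPaddedMetadata(size_t numLocals) {
    std::vector<LocalMetadata> v = buildMetadata(numLocals);
    if (v.size() % 2 != 0)
        v.push_back(LocalMetadata{0});
    return v;
}
```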