[webkit-reviews] review granted: [Bug 178946] WebAssembly: update arbitrary limits to what browsers use : [Attachment 325177] patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Oct 27 10:58:12 PDT 2017


Saam Barati <sbarati at apple.com> has granted JF Bastien <jfbastien at apple.com>'s
request for review:
Bug 178946: WebAssembly: update arbitrary limits to what browsers use
https://bugs.webkit.org/show_bug.cgi?id=178946

Attachment 325177: patch

https://bugs.webkit.org/attachment.cgi?id=325177&action=review




--- Comment #4 from Saam Barati <sbarati at apple.com> ---
Comment on attachment 325177
  --> https://bugs.webkit.org/attachment.cgi?id=325177
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=325177&action=review

> Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:514
> +    size_t totalBytes = m_locals.size() + count;
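
Review bot: `totalBytes` on this line holds a number of locals, not a byte size: it is `m_locals.size() + count`, and the next quoted line passes it to `tryReserveCapacity` and prints it before " locals". A name such as `totalLocals` (a suggested name, not one from the patch) would keep readers from assuming a byte count is being checked.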

Don't you want this to be Checked?

> Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:515
> +    WASM_COMPILE_FAIL_IF((static_cast<uint32_t>(totalBytes) < count) ||
!m_locals.tryReserveCapacity(totalBytes), "can't allocate memory for ",
totalBytes, " locals");
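
Review bot: The overflow test in the first operand of `WASM_COMPILE_FAIL_IF` compares a narrowed copy, `static_cast<uint32_t>(totalBytes) < count`, while `tryReserveCapacity` and the message receive the un-narrowed `size_t`. Whether that catches every wrap depends on the widths of `size_t` and `count`, which these lines do not show. Doing the addition in a checked 32-bit type and failing on its overflow state would make the guarded value and the reserved value the same.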

Why not use Checked?

> Source/JavaScriptCore/wasm/WasmFormat.cpp:41
> +    size_t totalBytes = sizeof(Segment) + sizeInBytes;
> +    if (static_cast<uint32_t>(totalBytes) < sizeInBytes)
> +	   return nullptr;
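
Review bot: The guard `static_cast<uint32_t>(totalBytes) < sizeInBytes` detects a sum that passes 32 bits only by truncating it, so it reads as a wrap check on a `size_t` that may not have wrapped at all. If the intent is to cap `sizeof(Segment) + sizeInBytes` at a 32-bit limit, compare against a named maximum or use checked arithmetic, and add a comment saying that `nullptr` here means the segment was too large.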

Why not use checked<uint32_t>?

> Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.cpp:65
> +    m_jsFunctions =
MallocPtr<WriteBarrier<JSObject>>::malloc((sizeof(WriteBarrier<JSObject>) *
Checked<size_t>(size())).unsafeGet());
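
Review bot: The product `sizeof(WriteBarrier<JSObject>) * Checked<size_t>(size())` is read with `.unsafeGet()`, so this site has no error return for an oversized table, unlike the `WASM_COMPILE_FAIL_IF` and `return nullptr` paths in the other quoted hunks. If that is intended because `size()` is already bounded elsewhere, a short comment naming that bound would make it reviewable at this line.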

Why?

