[webkit-reviews] review granted: [Bug 178946] WebAssembly: update arbitrary limits to what browsers use : [Attachment 325177] patch
bugzilla-daemon at webkit.org
Fri Oct 27 10:58:12 PDT 2017
Saam Barati <sbarati at apple.com> has granted JF Bastien <jfbastien at apple.com>'s
request for review:
Bug 178946: WebAssembly: update arbitrary limits to what browsers use
https://bugs.webkit.org/show_bug.cgi?id=178946
Attachment 325177: patch
https://bugs.webkit.org/attachment.cgi?id=325177&action=review
--- Comment #4 from Saam Barati <sbarati at apple.com> ---
Comment on attachment 325177
--> https://bugs.webkit.org/attachment.cgi?id=325177
patch
View in context: https://bugs.webkit.org/attachment.cgi?id=325177&action=review
> Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:514
> + size_t totalBytes = m_locals.size() + count;
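Review bot: `totalBytes` on this line holds an element count, not a byte count, since it is `m_locals.size()` plus `count`; a name such as `totalLocals` would match what is being added. The sum is also computed in plain `size_t` with nothing on this line guarding it, so any overflow handling depends entirely on the statement that follows.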
Don't you want this to be Checked?
> Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:515
> + WASM_COMPILE_FAIL_IF((static_cast<uint32_t>(totalBytes) < count) ||
!m_locals.tryReserveCapacity(totalBytes), "can't allocate memory for ",
totalBytes, " locals");
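Review bot: The overflow test `static_cast<uint32_t>(totalBytes) < count` truncates the sum to 32 bits for the comparison, but the untruncated `totalBytes` is what gets passed to `tryReserveCapacity`, so the value checked and the value used differ wherever `size_t` is wider than 32 bits. The truncate-and-compare idiom only detects the sum passing 2^32 when both operands themselves fit in 32 bits, which nothing in these lines states. Comparing the sum against an explicit maximum, or doing the addition in a checked type, would make the condition readable. The failure message also reports `totalBytes` as a number of locals, which the variable name contradicts.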
Why not use Checked?
> Source/JavaScriptCore/wasm/WasmFormat.cpp:41
> + size_t totalBytes = sizeof(Segment) + sizeInBytes;
> + if (static_cast<uint32_t>(totalBytes) < sizeInBytes)
> + return nullptr;
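Review bot: The guard `static_cast<uint32_t>(totalBytes) < sizeInBytes` appears to reject any total that does not fit in 32 bits, so it acts as a size limit and not only as a wrap check, and a reader has to work that out from the cast. Stating the intended bound explicitly, or performing `sizeof(Segment) + sizeInBytes` in a checked type and returning nullptr when it overflows, would make the intent clear. A one-line comment on why the limit is 32 bits would also help, since `totalBytes` itself is declared `size_t`.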
Why not use checked<uint32_t>?
> Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.cpp:65
> + m_jsFunctions =
MallocPtr<WriteBarrier<JSObject>>::malloc((sizeof(WriteBarrier<JSObject>) *
Checked<size_t>(size())).unsafeGet());
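Review bot: The size expression ends in `.unsafeGet()`, and unlike the other allocation sites quoted from this patch, which fail through `WASM_COMPILE_FAIL_IF` or `return nullptr`, this line has no visible failure path for an oversized table. A short comment saying what happens when `sizeof(WriteBarrier<JSObject>) * size()` overflows, or a fallible path consistent with the other sites, would make the intended behaviour clear.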
why?