[Webkit-unassigned] [Bug 251133] New: [Wasm-GC] Fix null checks for struct operations
bugzilla-daemon at webkit.org
Tue Jan 24 21:15:57 PST 2023
https://bugs.webkit.org/show_bug.cgi?id=251133
Bug ID: 251133
Summary: [Wasm-GC] Fix null checks for struct operations
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebAssembly
Assignee: webkit-unassigned at lists.webkit.org
Reporter: asumu at igalia.com
There's a bug in the implementation of Wasm GC struct instructions such as `struct.get` and `struct.set`, in that they don't correctly implement null ref checks.
Here's an example test case (can run in the JSTests/wasm/gc test directory):
```js
import * as assert from "../assert.js";
import { compile, instantiate } from "./wast-wrapper.js";

// A module with a single struct type (one i32 field) and a function that
// performs struct.get on a null reference of that type. Per the Wasm-GC
// semantics this must raise a trap, not crash the engine.
let m = instantiate(`
  (module
    (type (struct (field i32)))
    (func (export "f") (result i32)
      (struct.get 0 0 (ref.null 0)))
  )
`);

// Expected: a trap (WebAssembly.RuntimeError). Actual with the bug: a crash.
m.exports.f();
```
This currently crashes, instead of raising a trap exception as needed.
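To make the expected behaviour concrete, here is an added illustration (not WebKit code, and not taken from this bug) of the difference between a struct access that dereferences its reference blindly and one that checks for null first and reports a trap. The type and function names (`WasmStruct`, `Trap`, `structGet`, `structSet`, `structGetUnchecked`) are invented for the example; it models only i32 fields and leaves the trap-to-`WebAssembly.RuntimeError` conversion to the caller.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Added illustration, not WebKit code: a miniature model of how a Wasm-GC
// engine should guard struct.get / struct.set against a null reference.
// All names here are invented for the example.

struct WasmStruct {
    std::vector<int32_t> fields;   // this toy only models i32 fields
};

enum class Trap { None, NullReference };

struct StructGetResult {
    Trap trap;
    int32_t value;   // meaningful only when trap == Trap::None
};

// Shape of the reported bug: the reference is dereferenced with no null check.
// With a null ref this is undefined behaviour in C++ and a crash in practice,
// so the engine never gets the chance to raise WebAssembly.RuntimeError.
int32_t structGetUnchecked(const WasmStruct* ref, size_t fieldIndex) {
    return ref->fields[fieldIndex];
}

// Fixed shape: test the reference first and report a trap that the caller
// turns into a WebAssembly.RuntimeError. The field index needs no runtime
// check here because Wasm validation already rejects an out-of-range index.
StructGetResult structGet(const WasmStruct* ref, size_t fieldIndex) {
    if (!ref)
        return { Trap::NullReference, 0 };
    return { Trap::None, ref->fields[fieldIndex] };
}

Trap structSet(WasmStruct* ref, size_t fieldIndex, int32_t value) {
    if (!ref)
        return Trap::NullReference;
    ref->fields[fieldIndex] = value;
    return Trap::None;
}

// Mirrors the bug report's test: (struct.get 0 0 (ref.null 0)).
// Returns true when the operation trapped instead of touching memory.
bool nullStructGetTraps() {
    const WasmStruct* nullRef = nullptr;   // ref.null 0
    return structGet(nullRef, 0).trap == Trap::NullReference;
}

// A non-null reference behaves normally: set then get round-trips the value.
int32_t roundTrip(int32_t v) {
    WasmStruct s{ { 0 } };   // one i32 field, initialised to 0
    structSet(&s, 0, v);
    return structGet(&s, 0).value;
}
```

`structGetUnchecked` is kept only to show the buggy shape; nothing calls it with a null reference, since doing so would crash exactly as the report describes. The point of the checked variants is that the null test happens before any memory is read or written, so a `(ref.null 0)` operand surfaces as a trap the runtime can report rather than as an engine crash.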