Bug 166475
| Summary: | WebAssembly: parseVarUInt1 should take a uint32_t not a uint8_t | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Saam Barati <saam> |
| Component: | JavaScriptCore | Assignee: | Saam Barati <saam> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | Normal | CC: | benjamin, fpizlo, ggaren, gskachkov, jfbastien, keith_miller, mark.lam, msaboff, oliver, ticaiolima, webkit-bug-importer, ysuzuki |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Saam Barati
We're losing the top 3 bytes here, and that's bad. We lose them because we do static_cast<uint32_t>(uint8_t).
This is bad if, say, I parseVarUint1 and expect the result to be zero.
Right now, if somebody passed in:
0xffffff00
We'd think it's zero because of how we drop the top 3 bytes. That's clearly wrong.
Radar WebKit Bug Importer
<rdar://problem/29803564>
Saam Barati
The bug is actually here:
```
template<typename SuccessType>
ALWAYS_INLINE bool Parser<SuccessType>::parseVarUInt1(uint8_t& result)
{
    uint32_t temp;
    if (!parseVarUInt32(temp))
        return false;
    result = static_cast<uint8_t>(temp);
    return temp <= 1;
}
```
We should check the value before the cast!
I'll just fix this as part of:
https://bugs.webkit.org/show_bug.cgi?id=166448
Saam Barati
*** This bug has been marked as a duplicate of bug 166448 ***
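The truncation hazard described in this report, as an added example that is not WebKit's code: a stand-alone unsigned LEB128 decoder with a one-bit parser that narrows before validating, beside one that validates the full 32-bit value first. The function names, the `std::vector` input and the sample bytes are assumptions made for illustration; the narrow-first variant is constructed to reproduce the "0xffffff00 reads as zero" case from the first comment and is not the `parseVarUInt1` quoted above.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Constructed inputs: unsigned LEB128 encodings of 0xffffff00 and of 1.
const std::vector<uint8_t> kWideZeroLowByte = { 0x80, 0xfe, 0xff, 0xff, 0x0f };
const std::vector<uint8_t> kOne = { 0x01 };

// Decode an unsigned LEB128 value of at most 32 bits starting at `offset`.
// Fails on truncated input and on encodings that do not fit in 32 bits.
bool decodeVarUInt32(const std::vector<uint8_t>& bytes, size_t& offset, uint32_t& value)
{
    value = 0;
    for (unsigned shift = 0; shift < 35; shift += 7) {
        if (offset >= bytes.size())
            return false; // ran out of input in the middle of a value
        uint8_t byte = bytes[offset++];
        if (shift == 28 && (byte & 0xf0))
            return false; // fifth byte: only 4 payload bits, no continuation
        value |= static_cast<uint32_t>(byte & 0x7f) << shift;
        if (!(byte & 0x80))
            return true;
    }
    return false;
}

// Hazard (hypothetical variant): narrow first, then validate what is left.
bool parseVarUInt1NarrowFirst(const std::vector<uint8_t>& bytes, uint8_t& result)
{
    size_t offset = 0;
    uint32_t wide = 0;
    if (!decodeVarUInt32(bytes, offset, wide))
        return false;
    result = static_cast<uint8_t>(wide); // drops the top 3 bytes
    return result <= 1;                  // range check sees only the low byte
}

// Hardened: validate the 32-bit value, narrow only once it is known to fit.
bool parseVarUInt1CheckFirst(const std::vector<uint8_t>& bytes, uint8_t& result)
{
    size_t offset = 0;
    uint32_t wide = 0;
    if (!decodeVarUInt32(bytes, offset, wide) || wide > 1)
        return false; // `result` is left untouched on rejection
    result = static_cast<uint8_t>(wide);
    return true;
}
```

A regression test for this class of bug should feed values whose low byte is 0 or 1 but whose upper bytes are non-zero, since inputs such as 2 or 0xff are rejected by both variants and do not distinguish them.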