Bug 214901

Summary: WebAssembly validation for call_indirect is incorrect
Product: WebKit Reporter: Tadeu Zagallo <tzagallo>
Component: JavaScriptCoreAssignee: Tadeu Zagallo <tzagallo>
Status: RESOLVED FIXED    
Severity: Normal CC: ews-watchlist, keith_miller, mark.lam, msaboff, saam, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch
none
Patch
none
Patch for landing
none
Patch for landing none

Description Tadeu Zagallo 2020-07-28 15:36:46 PDT 
<rdar://problem/65189677>
Comment 1 Tadeu Zagallo 2020-07-28 16:13:01 PDT 
Created attachment 405426 [details]
Patch
Comment 2 EWS 2020-07-28 18:20:55 PDT 
Found 1 new test failure: workers/wasm-hashset.html
Comment 3 Tadeu Zagallo 2020-07-29 07:54:05 PDT 
Created attachment 405458 [details]
Patch
Comment 4 Saam Barati 2020-07-29 11:18:35 PDT 
Comment on attachment 405458 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=405458&action=review

> Source/JavaScriptCore/wasm/WasmFunctionParser.h:639
> +            if (i > firstArgumentIndex)

why is this the fix?
Comment 5 Tadeu Zagallo 2020-07-29 13:12:48 PDT 
Created attachment 405490 [details]
Patch
Comment 6 Tadeu Zagallo 2020-07-29 15:34:27 PDT 
Created attachment 405515 [details]
Patch for landing
Comment 7 EWS 2020-07-29 15:35:20 PDT 
ChangeLog entry in Source/JavaScriptCore/ChangeLog contains OOPS!.
Comment 8 Tadeu Zagallo 2020-07-29 15:36:15 PDT 
Created attachment 405516 [details]
Patch for landing
Comment 9 EWS 2020-07-29 16:15:13 PDT 
Committed r265065: <https://trac.webkit.org/changeset/265065>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 405516 [details].