Bug 224268

Summary: [JSC] WasmMemory caging should care about nullptr
Product: WebKit
Reporter: Yusuke Suzuki <ysuzuki>
Component: New Bugs
Assignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED
Severity: Normal
CC: benjamin, cdumez, cmarcelo, ews-watchlist, keith_miller, mark.lam, msaboff, saam, tzagallo, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
Description Flags
Patch mark.lam: review+

Description Yusuke Suzuki 2021-04-06 22:13:31 PDT
[JSC] WasmMemory caging should care nullptr
Comment 1 Yusuke Suzuki 2021-04-06 23:15:51 PDT
<rdar://problem/74654838>
Comment 2 Yusuke Suzuki 2021-04-06 23:16:21 PDT
Created attachment 425358
Patch
Comment 3 Mark Lam 2021-04-07 01:13:04 PDT
Comment on attachment 425358
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=425358&action=review

r=me

> Source/JavaScriptCore/ChangeLog:3
> +        [JSC] WasmMemory caging should care nullptr

"care about nullptr"?

> Source/JavaScriptCore/ChangeLog:10
> +           This checking size can include redzone for fast-memory, but this is OK: bound-check pass in LLInt (in upper tiers, we

"bounds-check"

> JSTests/ChangeLog:3
> +        [JSC] WasmMemory caging should care nullptr

"care about"
Comment 4 Yusuke Suzuki 2021-04-07 02:29:01 PDT
Committed r275597 (236242@main): <https://commits.webkit.org/236242@main>