Bug 224268

Summary: [JSC] WasmMemory caging should care about nullptr
Product: WebKit
Reporter: Yusuke Suzuki <ysuzuki>
Component: New Bugs
Assignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED
Severity: Normal
CC: benjamin, cdumez, cmarcelo, ews-watchlist, keith_miller, mark.lam, msaboff, saam, tzagallo, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
Description Flags
Patch mark.lam: review+

Yusuke Suzuki
Reported 2021-04-06 22:13:31 PDT
[JSC] WasmMemory caging should care nullptr
Attachments
Patch (21.30 KB, patch)
2021-04-06 23:16 PDT, Yusuke Suzuki
mark.lam: review+
Yusuke Suzuki
Comment 1 2021-04-06 23:15:51 PDT
Yusuke Suzuki
Comment 2 2021-04-06 23:16:21 PDT
Mark Lam
Comment 3 2021-04-07 01:13:04 PDT
Comment on attachment 425358 Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=425358&action=review

r=me

> Source/JavaScriptCore/ChangeLog:3
> + [JSC] WasmMemory caging should care nullptr

"care about nullptr"?

> Source/JavaScriptCore/ChangeLog:10
> + This checking size can include redzone for fast-memory, but this is OK: bound-check pass in LLInt (in upper tiers, we

"bounds-check"

> JSTests/ChangeLog:3
> + [JSC] WasmMemory caging should care nullptr

"care about"
Yusuke Suzuki
Comment 4 2021-04-07 02:29:01 PDT