Bug 234967
| Summary: | JSC::Wasm::setWasmTableElement() falls through ASSERT_NOT_REACHED() | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | David Kilzer (:ddkilzer) <ddkilzer> |
| Component: | WebAssembly | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | keith_miller, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Bug Depends on: | 234932 | ||
| Bug Blocks: | |||
David Kilzer (:ddkilzer)
JSC::Wasm::setWasmTableElement() falls through ASSERT_NOT_REACHED().
The functions should return `false` after both ASSERT_NOT_REACHED() statements rather than falling through and returning `true`.
static bool setWasmTableElement(Instance* instance, unsigned tableIndex, uint32_t index, EncodedJSValue encValue)
{
ASSERT(tableIndex < instance->module().moduleInformation().tableCount());
if (index >= instance->table(tableIndex)->length())
return false;
JSValue value = JSValue::decode(encValue);
if (instance->table(tableIndex)->type() == Wasm::TableElementType::Externref)
instance->table(tableIndex)->set(index, value);
else if (instance->table(tableIndex)->type() == Wasm::TableElementType::Funcref) {
WebAssemblyFunction* wasmFunction;
WebAssemblyWrapperFunction* wasmWrapperFunction;
if (isWebAssemblyHostFunction(instance->owner<JSObject>()->vm(), value, wasmFunction, wasmWrapperFunction)) {
ASSERT(!!wasmFunction || !!wasmWrapperFunction);
if (wasmFunction)
instance->table(tableIndex)->asFuncrefTable()->setFunction(index, jsCast<JSObject*>(value), wasmFunction->importableFunction(), &wasmFunction->instance()->instance());
else
instance->table(tableIndex)->asFuncrefTable()->setFunction(index, jsCast<JSObject*>(value), wasmWrapperFunction->importableFunction(), &wasmWrapperFunction->instance()->instance());
} else if (value.isNull())
instance->table(tableIndex)->clear(index);
else
ASSERT_NOT_REACHED();
} else
ASSERT_NOT_REACHED();
return true;
}
See Source/JavaScriptCore/wasm/WasmOperations.cpp.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/87260620>
Keith Miller
I don't think it matters if it returns `true` or `false`. That return boolean is to flag whether an Out of Bounds memory exception should be thrown but any access triggering one of those asserts isn't out of bounds.
Do you think that an OoB exception is better than a no-op if we have a bug in our implementation? It seems to me a no-op is easier to work around for a dev?