Bug 254760
| Summary: | [Wasm-GC] Enforce operand limit for `array.new_canon_fixed` | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Tim Chevalier <tjc> |
| Component: | WebAssembly | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | Normal | CC: | d_degazio, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Local Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Bug Depends on: | |||
| Bug Blocks: | 247394 | ||
Tim Chevalier
The spec, https://github.com/WebAssembly/gc/pull/360/files , was recently updated to specify that the maximum number of operands to `array.new_fixed` is 10000 and the implementation should throw a `RuntimeError` if that is exceeded. In the current implementation (about to land; see https://bugs.webkit.org/show_bug.cgi?id=252350 ), no limit is enforced. This should be easy to change in the parser, but unfortunately I'm out of time to work on this.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/107720913>
David Degazio
Keith seems to have resolved this in https://bugs.webkit.org/show_bug.cgi?id=256959.
*** This bug has been marked as a duplicate of bug 256959 ***