Bug 279527
| Summary: | [WASM] Incorrect indexing in recursion group when checking subtype validity | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | David Degazio <d_degazio> |
| Component: | WebAssembly | Assignee: | David Degazio <d_degazio> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
David Degazio
rdar://134582688
In the WASM section parser, after we finish parsing a recursion group, we check that all subtype relations for types within the group are valid. Currently, this is done via
const TypeDefinition& def = m_info->typeSignatures[i].get().unroll();
However, the i in this case refers to the indices of the list of types in the recursion group, not type indices in the module overall. So if we want to consider the type at index zero of a recursion group starting at, say, 10, we instead get the type zero for the whole module - whichever type was defined first.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
David Degazio
Pull request: https://github.com/WebKit/WebKit/pull/33498
EWS
Committed 283568@main (692b33ef1461): <https://commits.webkit.org/283568@main>
Reviewed commits have been landed. Closing PR #33498 and removing active labels.
EWS
Committed 283286.31@safari-7620-branch (8ef535b99832): <https://commits.webkit.org/283286.31@safari-7620-branch>
Reviewed commits have been landed. Closing PR #1760 and removing active labels.