Bug 289523

Summary: Catch integer overflow on 32-bits in JSWebAssemblyArray.h
Product: WebKit
Reporter: Angelos Oikonomopoulos <angelos>
Component: JavaScriptCore
Assignee: Angelos Oikonomopoulos <angelos>
Status: RESOLVED FIXED
Severity: Normal
CC: webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified

Angelos Oikonomopoulos
Reported 2025-03-11 02:40:06 PDT
The calculation in allocationSizeInBytes can wrap around on 32-bits.
Angelos Oikonomopoulos
Comment 1 2025-03-11 02:45:25 PDT
Radar WebKit Bug Importer
Comment 2 2025-03-18 02:40:19 PDT
EWS
Comment 3 2025-03-19 07:42:26 PDT
Committed 292355@main (4b568b921b7a): <https://commits.webkit.org/292355@main> Reviewed commits have been landed. Closing PR #42250 and removing active labels.