Bug 292796

Summary:	Guard against a null name section in makeString in WasmIndexOrName.h
Product:	WebKit	Reporter:	Vassili Bykov <v_bykov>
Component:	JavaScriptCore	Assignee:	Vassili Bykov <v_bykov>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	bfulgham, webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

Vassili Bykov

Reported 2025-05-09 12:00:20 PDT

The makeString implementation in WasmIndexOrName.h does not guard against the name section being null. IndexOrName::dump is basically the same thing, and it does check for the name section being there. Not checking for null may potentially cause a segfault. I'm not sure if a non-empty instance with a null name section is a possibility under normal circumstances , but I hit this while experimenting with some wasm changes.

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2025-05-09 12:00:35 PDT

<rdar://problem/151025732>

Vassili Bykov

Comment 2 2025-05-09 12:49:30 PDT

Pull request: https://github.com/apple/WebKit/pull/3073

Vassili Bykov

Comment 3 2025-05-09 13:30:16 PDT

This is only a NULL pointer dereference.

Vassili Bykov

Comment 4 2025-05-09 14:03:04 PDT

Pull request: https://github.com/WebKit/WebKit/pull/45188

EWS

Comment 5 2025-05-09 16:33:53 PDT

Committed 294737@main (67335a3cc0c4): <https://commits.webkit.org/294737@main> Reviewed commits have been landed. Closing PR #45188 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.