Bug 308733
| Summary: | Incorrect Maximum Value for WASM Table Section | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | tombox1337 |
| Component: | New Bugs | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | Normal | ||
| Priority: | P2 | ||
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
tombox1337
`jsc (JavaScriptCore)` fails to reject an invalid WebAssembly module involving the `table section`. Specifically, the module declares 100,001 tables, exceeding the specification maximum of 100,000. According to the WebAssembly specification, the maximum number of tables in a module is 100,000.
### Environment
* OS: Ubuntu 20.04
* CPU: amd64
* jsc (JavaScriptCore) version: `6bcc4ed97d73`
* Commands:
```bash
WebKit/WebKitBuild/JSCOnly/Debug/bin/jsc test.js
```
### Actual behavior
`jsc (JavaScriptCore)` incorrectly accepts this invalid module (exit code 0). The output is:
```
42
```
### Expected behavior
The runtime should reject this module during validation because the module violates the specification.
For reference, `js (SpiderMonkey)` correctly rejects it (exit code 3):
```
CompileError: at offset 300039: too many tables
```
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Alexey Proskuryakov
Duping to a copy with attached test.
*** This bug has been marked as a duplicate of bug 308732 ***