Bug 313789

Summary: Wasm IPInt multimemory bounds check underflow for nonzero memories
Product: WebKit
Reporter: anand_srinivasan
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: All
OS: All

anand_srinivasan
Reported 2026-04-30 16:36:30 PDT
rdar://175861149

For memories other than 0, the bounds checking for memory accesses has an underflow in the computation (memory size - (access size - 1)), which computes the last valid address before a memory access spills out of bounds, which can be exercised if memory size is 0. Multimemory has not been enabled yet.
anand_srinivasan
Comment 1 2026-04-30 16:44:26 PDT
EWS
Comment 2 2026-05-01 10:44:27 PDT
Committed 312439@main (c90b978eee24): <https://commits.webkit.org/312439@main> Reviewed commits have been landed. Closing PR #64011 and removing active labels.
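
The underflow described in the report, modelled as an added C example (not WebKit's IPInt code and not the committed fix). The function names, the 64-bit unsigned types and the strict `<` comparison are assumptions; the page gives only the expression memory size - (access size - 1). The second function is one common way to write the check so the subtraction cannot wrap.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed model of the flawed check: the limit is computed with unsigned
 * arithmetic, so mem_size = 0 and access_size > 1 wraps to a huge value. */
static bool in_bounds_underflowing(uint64_t addr, uint64_t mem_size,
                                   uint64_t access_size)
{
    uint64_t limit = mem_size - (access_size - 1); /* wraps if mem_size < access_size - 1 */
    return addr < limit;
}

/* Hardened form: reject accesses wider than the memory before subtracting,
 * so mem_size - access_size is always well defined. */
static bool in_bounds_checked(uint64_t addr, uint64_t mem_size,
                              uint64_t access_size)
{
    if (access_size == 0 || access_size > mem_size)
        return false;
    return addr <= mem_size - access_size;
}

int main(void)
{
    /* Constructed cases: {address, memory size in bytes, access size}. */
    const uint64_t cases[][3] = {
        {0,     0,     4},  /* empty memory, 4-byte access: must be rejected */
        {4096,  0,     8},  /* empty memory, 8-byte access: must be rejected */
        {0,     0,     1},  /* 1-byte access: access_size - 1 is 0, no wrap  */
        {65532, 65536, 4},  /* last valid 4-byte slot of one 64 KiB page     */
        {65533, 65536, 4},  /* one byte past it: spills out of bounds        */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint64_t a = cases[i][0], m = cases[i][1], s = cases[i][2];
        printf("addr=%llu size=%llu access=%llu  underflowing=%d checked=%d\n",
               (unsigned long long)a, (unsigned long long)m,
               (unsigned long long)s,
               in_bounds_underflowing(a, m, s), in_bounds_checked(a, m, s));
    }
    return 0;
}
```

The two functions disagree only on the first two rows, where the memory size is 0 and the access is wider than one byte.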