Created attachment 318433 [details] js script Running jsc b.js -- b.wasm it reports Exception: Error: WebAssembly.Module doesn't parse at byte 287 / 321: can't get immediate for I64Const in unreachable context, in function at index 0 (evaluating 'new WebAssembly.Module(binary)') Module@[native code] global code@b.js:22:63 However the wasm binary is valid (accepted by v8, sm, binaryen, wabt).
<rdar://problem/33952443>
Created attachment 318434 [details] wasm file
I believe this is a benign bug because unreachable code shouldn't occur anyways. It's still a bug we should fix, though.
It looks like the i64.const causing the issue is: 42 80 80 80 80 80 80 80 80 80 | i64.const -9223372036854775808
Well this is our bug: // one immediate cases case I32Const: case I64Const: // <------ derp case SetLocal: case GetLocal: case TeeLocal: case GetGlobal: case SetGlobal: case Br: case BrIf: case Call: { uint32_t unused; WASM_PARSER_FAIL_IF(!parseVarUInt32(unused), "can't get immediate for ", m_currentOpcode, " in unreachable context"); return { }; } This is benign, not a security issue.
Created attachment 318440 [details] patch
Comment on attachment 318440 [details] patch please add test
Created attachment 318443 [details] patch Add test, and also handle i32.const / i64.const as signed.
Comment on attachment 318443 [details] patch Rejecting attachment 318443 [details] from commit-queue. Failed to run "['/Volumes/Data/EWS/WebKit/Tools/Scripts/webkit-patch', '--status-host=webkit-queues.webkit.org', '--bot-id=webkit-cq-02', 'validate-changelog', '--check-oops', '--non-interactive', 318443, '--port=mac']" exit_code: 1 cwd: /Volumes/Data/EWS/WebKit ChangeLog entry in JSTests/ChangeLog contains OOPS!. Full output: http://webkit-queues.webkit.org/results/4333352
Created attachment 318444 [details] patch Fix OOPS.
The commit-queue encountered the following flaky tests while processing attachment 318444 [details]: svg/animations/smil-leak-list-property-instances.svg bug 175701 (author: sabouhallawa@apple.com) The commit-queue is continuing to process your patch.
Comment on attachment 318444 [details] patch Clearing flags on attachment: 318444 Committed r220894: <http://trac.webkit.org/changeset/220894>
All reviewed patches have been landed. Closing bug.