Bug 184185 (Status: NEW)
We should not store to stack locations which are not protected by the stack pointer.
https://bugs.webkit.org/show_bug.cgi?id=184185
Mark Lam
Reported 2018-03-30 10:55:38 PDT
createJSToWasmWrapper() emits code that stores to "calleeFrame", but calleeFrame exists below the stack pointer. Similarly, wasmToJS() also does the same. The values stored at the locations below the stack pointer are susceptible to corruption by interrupts that may fire if the OS uses the user stack red zone as the interrupt stack frame.