Bug 184185 - We should not store to stack locations which are not protected by the stack pointer.
Summary: We should not store to stack locations which are not protected by the stack p...
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebAssembly
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-03-30 10:55 PDT by Mark Lam
Modified: 2018-03-30 10:57 PDT

See Also:
Description Mark Lam 2018-03-30 10:55:38 PDT
createJSToWasmWrapper() emits code that stores to "calleeFrame", but calleeFrame exists below the stack pointer.  Similarly, wasmToJS() also does the same.  The values stored at the locations below the stack pointer are susceptible to corruption by interrupts that may fire if the OS uses the user stack red zone as the interrupt stack frame.