Created attachment 434428
SIGSEGV from WASM crash report

It looks like the following page, which calculates different hash functions with the 'hash-wasm' library, triggers a SIGSEGV in Safari 14.1.

https://3w4be.csb.app/
Source code: https://codesandbox.io/s/3w4be

Just continually updating/replacing a short string should trigger the crash.

I don't have a Mac to investigate it further, but I've got a crash report here: https://github.com/Daninet/hash-wasm/issues/28
I've attached it to this bug report as well. From the crash log, for me it is concerning security-wise.

Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [19473]

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x00007fff3742a590 JSC::Wasm::operationWasmTriggerOSREntryNow(JSC::Probe::Context&) + 144
1 com.apple.JavaScriptCore 0x00007fff3691ede8 JSC::Probe::executeProbe(JSC::Probe::State*) + 120
2 com.apple.JavaScriptCore 0x00007fff3691e742 ctiMasmProbeTrampoline + 338
3 ??? 0x000025cd1fff349c 0 + 41562935342236
4 ??? 0x000025cd1e929c78 0 + 41562911448184
5 com.apple.JavaScriptCore 0x00007fff3686d156 vmEntryToJavaScript + 216
6 com.apple.JavaScriptCore 0x00007fff37460cc5 JSC::callWebAssemblyFunction(JSC::JSGlobalObject*, JSC::CallFrame*) + 1189
...
<rdar://problem/81217357>
I managed to reproduce it in GNOME Web 40.1 - WebKitGTK 2.32.1

<script src="https://cdn.jsdelivr.net/npm/hash-wasm@4.9.0/dist/argon2.umd.min.js"></script>
<script>
  // Compute one Argon2id hash and log the encoded result.
  const run = async (i) => {
    console.log(await hashwasm.argon2id({
      password: 'abc' + i,
      salt: '12345678',
      parallelism: 1,
      memorySize: 128,
      iterations: 4,
      hashLength: 16,
      outputType: 'encoded'
    }));
  };

  // Start 30 hashes without awaiting each one, so they run concurrently.
  for (let i = 0; i < 30; i++) {
    run(i);
  }
</script>
Created attachment 443035
Patch
Created attachment 443036
Patch
Comment on attachment 443036
Patch r=me
Committed r285149 (243786@main): <https://commits.webkit.org/243786@main>
All reviewed patches have been landed. Closing bug and clearing flags on attachment 443036.