286294 – Missing Validation for Function Index in branch_hint Section

RESOLVED INVALID 286294

Missing Validation for Function Index in branch_hint Section

https://bugs.webkit.org/show_bug.cgi?id=286294

Summary Missing Validation for Function Index in branch_hint Section

tombox1337

Reported 2025-01-21 06:54:09 PST

Created attachment 473966 [details] program.js ### Description WebKit does not enforce validation checks for invalid function indices within the branch_hint section. ### Environment - OS: Ubuntu 20.04 - CPU: amd64 - WebKit Version: 146fa28a329d220785d2972c1d691555141e6406 ### Steps to Reproduce Run the following WebAssembly module: ``` ./JSCOnly/Debug/bin/jsc ./program.js ``` ### Current State ```plaintext (no error or warning) ``` ### Expected Behavior The branch_hint section should be properly validated, ensuring that any references such as function indexes are checked against the defined or imported functions. If an invalid index is encountered, a validation error should occur before execution, such as: ``` error: invalid function index 140971 ```

Attachments
program.js (904 bytes, application/x-javascript) 2025-01-21 06:54 PST, tombox1337	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2025-01-28 06:55:13 PST

<rdar://problem/143757115>

Yusuke Suzuki

Comment 2 2025-01-29 13:42:19 PST

Can you point out the spec text describing this validation?

Yusuke Suzuki

Comment 3 2025-02-07 18:09:37 PST

This is not specified, and tolerant handling is better.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution INVALID

Priority P2

Severity Normal

Classification Unclassified

Version Other

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebAssembly

Assignee

Nobody

Reported

2025-01-21 06:54 PST

Modified

2025-02-07 18:09 PST History

CC List

6 users Show

URL

Keywords InRadar

Depends on

Blocks