286369 – Pad IPInt argumINTBytecode to an even size

RESOLVED FIXED286369

Pad IPInt argumINTBytecode to an even size

https://bugs.webkit.org/show_bug.cgi?id=286369

Summary Pad IPInt argumINTBytecode to an even size

daniel_liu4

Reported 2025-01-22 10:47:38 PST

During local initialization, we default initialize locals all the way until we hit the end of our local table. Because of IPInt's design, the local table is aligned to an even size, meaning that we may read out of bounds by 1 from the metadata vector. We need to pad this vector with an extra dummy element to make sure we don't go out of bounds.

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2025-01-22 10:47:48 PST

<rdar://problem/143407486>

daniel_liu4

Comment 2 2025-01-22 11:00:37 PST

Pull request: https://github.com/WebKit/WebKit/pull/39392

EWS

Comment 3 2025-01-23 11:44:53 PST

Committed 289308@main (7214ee02bbf6): <https://commits.webkit.org/289308@main> Reviewed commits have been landed. Closing PR #39392 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2025-01-22 10:47 PST

Modified

2025-01-23 11:44 PST History

CC List

1 user Show

URL

Keywords InRadar

Depends on

Blocks