289523 – Catch integer overflow on 32-bits in JSWebAssemblyArray.h

RESOLVED FIXED289523

Catch integer overflow on 32-bits in JSWebAssemblyArray.h

https://bugs.webkit.org/show_bug.cgi?id=289523

Summary Catch integer overflow on 32-bits in JSWebAssemblyArray.h

Angelos Oikonomopoulos

Reported 2025-03-11 02:40:06 PDT

The calculation in allocationSizeInBytes can wrap around on 32-bits.

Attachments
Add attachment proposed patch, testcase, etc.

Angelos Oikonomopoulos

Comment 1 2025-03-11 02:45:25 PDT

Radar WebKit Bug Importer

Comment 2 2025-03-18 02:40:19 PDT

EWS

Comment 3 2025-03-19 07:42:26 PDT

Committed 292355@main (4b568b921b7a): <https://commits.webkit.org/292355@main> Reviewed commits have been landed. Closing PR #42250 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Angelos Oikonomopoulos

Reported

2025-03-11 02:40 PDT

Modified

2025-03-19 07:42 PDT History

CC List

1 user Show

URL

Keywords InRadar

Depends on

Blocks