RESOLVED FIXED 311764
IPInt bounds check for nonzero memories only checks first byte of access
https://bugs.webkit.org/show_bug.cgi?id=311764
anand_srinivasan
Reported 2026-04-08 15:15:02 PDT
rdar://174338638

The IPInt bounds check for memories other than 0 jumps to the out-of-bounds handler if address >= memory size, when it should check if address + (size - 1) >= memory size.
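The difference between the two checks in the report, as an added C model that is not code from this bug or from WebKit. The function names, the 64-bit unsigned address type and the 65536-byte memory size are assumptions made for illustration; the full-access check is written as a subtraction so that it cannot wrap.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model only: names, types and sizes are assumptions, not WebKit's IPInt code. */

/* Check as described in the report: traps only when the FIRST byte is out of bounds. */
static bool traps_first_byte_only(uint64_t addr, uint64_t size, uint64_t mem_size)
{
    (void)size;                          /* access width is ignored: the defect */
    return addr >= mem_size;
}

/* Check the report asks for: trap when addr + (size - 1) >= mem_size.
   Rearranged to avoid the addition, so a huge addr cannot wrap. size >= 1. */
static bool traps_full_access(uint64_t addr, uint64_t size, uint64_t mem_size)
{
    return size > mem_size || addr > mem_size - size;
}

/* Bytes beyond the end of memory that the first-byte-only check lets through. */
static uint64_t bytes_past_end(uint64_t addr, uint64_t size, uint64_t mem_size)
{
    if (traps_first_byte_only(addr, size, mem_size))
        return 0;                        /* rejected, nothing is touched */
    uint64_t in_bounds = mem_size - addr;    /* at least 1 here */
    return size > in_bounds ? size - in_bounds : 0;
}

int main(void)
{
    const uint64_t mem_size = 65536;     /* constructed: one 64 KiB page */
    /* Constructed accesses around the end of memory: {address, width}. */
    const uint64_t cases[][2] = {
        {65532, 4}, {65533, 4}, {65535, 8}, {65536, 1}, {UINT64_MAX, 8},
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint64_t a = cases[i][0], n = cases[i][1];
        printf("addr=%llu size=%llu first-byte-trap=%d full-trap=%d past-end=%llu\n",
               (unsigned long long)a, (unsigned long long)n,
               traps_first_byte_only(a, n, mem_size),
               traps_full_access(a, n, mem_size),
               (unsigned long long)bytes_past_end(a, n, mem_size));
    }
    return 0;
}
```

In this model the first-byte-only check accepts any access that starts within the last size - 1 bytes of memory, so up to size - 1 bytes fall past the end.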
anand_srinivasan
Comment 1 2026-04-08 15:45:50 PDT
EWS
Comment 2 2026-04-13 11:29:23 PDT
Committed 311123@main (39def582d5c1): <https://commits.webkit.org/311123@main> Reviewed commits have been landed. Closing PR #62307 and removing active labels.