313789 – Wasm IPInt multimemory bounds check underflow for nonzero memories

RESOLVED FIXED313789

Wasm IPInt multimemory bounds check underflow for nonzero memories

https://bugs.webkit.org/show_bug.cgi?id=313789

Summary Wasm IPInt multimemory bounds check underflow for nonzero memories

anand_srinivasan

Reported 2026-04-30 16:36:30 PDT

rdar://175861149 For memories other than 0 the bounds checking for memory accesses has an underflow in the computation (memory size - (access size - 1)), which computes the last valid address before a memory access spills out of bounds, which can be exercised if memory size is 0. Multimemory has not been enabled yet.

Attachments
Add attachment proposed patch, testcase, etc.

anand_srinivasan

Comment 1 2026-04-30 16:44:26 PDT

Pull request: https://github.com/WebKit/WebKit/pull/64011

EWS

Comment 2 2026-05-01 10:44:27 PDT

Committed 312439@main (c90b978eee24): <https://commits.webkit.org/312439@main> Reviewed commits have been landed. Closing PR #64011 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware All

OS All

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2026-04-30 16:36 PDT

Modified

2026-05-01 10:44 PDT History

CC List

1 user Show

URL

Keywords InRadar

Depends on

Blocks