[JSC][32bit] ASSERTION FAILED: !initialBytes #3275

mikhailramalho · 2022-08-12T22:01:24Z

`3866ba7`

[JSC][32bit] ASSERTION FAILED: !initialBytes
https://bugs.webkit.org/show_bug.cgi?id=243901

Reviewed by Yusuke Suzuki.

This patch fixes a value being truncated in 32bits platforms, resulting
in a invalid maximum size.

The method bytes() returns a uint64_t but in Memory::tryCreate, it is
stored in size_t, which is fine in 64bit platforms but gets truncated in
32 bits ones.

In this patch both initialBytes and maximumBytes are now uint64_t and
there is an extra check if the maximum size is greater than what's
allowed in the platform.

* Source/JavaScriptCore/wasm/WasmMemory.cpp:
(JSC::Wasm::Memory::tryCreate):

Canonical link: https://commits.webkit.org/253399@main

Source/JavaScriptCore/wasm/WasmMemory.cpp

Constellation

r=me

https://bugs.webkit.org/show_bug.cgi?id=243901 Reviewed by Yusuke Suzuki. This patch fixes a value being truncated in 32bits platforms, resulting in a invalid maximum size. The method bytes() returns a uint64_t but in Memory::tryCreate, it is stored in size_t, which is fine in 64bit platforms but gets truncated in 32 bits ones. In this patch both initialBytes and maximumBytes are now uint64_t and there is an extra check if the maximum size is greater than what's allowed in the platform. * Source/JavaScriptCore/wasm/WasmMemory.cpp: (JSC::Wasm::Memory::tryCreate): Canonical link: https://commits.webkit.org/253399@main

webkit-commit-queue · 2022-08-13T02:45:05Z

Committed 253399@main (3866ba7): https://commits.webkit.org/253399@main

Reviewed commits have been landed. Closing PR #3275 and removing active labels.

mikhailramalho requested a review from a team as a code owner August 12, 2022 22:01

mikhailramalho self-assigned this Aug 12, 2022

mikhailramalho added JavaScriptCore For bugs in JavaScriptCore, the JS engine used by WebKit, other than kxmlcore issues. WebKit Nightly Build labels Aug 12, 2022

Constellation reviewed Aug 12, 2022

View reviewed changes

Source/JavaScriptCore/wasm/WasmMemory.cpp Show resolved Hide resolved

mikhailramalho force-pushed the eng/JSC32bit-ASSERTION-FAILED-initialBytes branch from 77aa9fd to a57c2ac Compare August 12, 2022 23:17

Constellation approved these changes Aug 12, 2022

View reviewed changes

mikhailramalho added the merge-queue Applied to send a pull request to merge-queue label Aug 12, 2022

webkit-early-warning-system force-pushed the eng/JSC32bit-ASSERTION-FAILED-initialBytes branch from a57c2ac to d60c87c Compare August 13, 2022 02:43

webkit-early-warning-system force-pushed the eng/JSC32bit-ASSERTION-FAILED-initialBytes branch from d60c87c to 3866ba7 Compare August 13, 2022 02:45

webkit-early-warning-system merged commit 3866ba7 into WebKit:main Aug 13, 2022

webkit-commit-queue removed the merge-queue Applied to send a pull request to merge-queue label Aug 13, 2022

mikhailramalho deleted the eng/JSC32bit-ASSERTION-FAILED-initialBytes branch August 15, 2022 13:05

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[JSC][32bit] ASSERTION FAILED: !initialBytes #3275

[JSC][32bit] ASSERTION FAILED: !initialBytes #3275

mikhailramalho commented Aug 12, 2022 •

edited by webkit-commit-queue

Constellation left a comment

webkit-commit-queue commented Aug 13, 2022

[JSC][32bit] ASSERTION FAILED: !initialBytes #3275

[JSC][32bit] ASSERTION FAILED: !initialBytes #3275

Conversation

mikhailramalho commented Aug 12, 2022 • edited by webkit-commit-queue

3866ba7

Constellation left a comment

Choose a reason for hiding this comment

webkit-commit-queue commented Aug 13, 2022

mikhailramalho commented Aug 12, 2022 •

edited by webkit-commit-queue

`3866ba7`