Skip to content

Pad IPInt argumINTBytecode to an even size #39392

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 23, 2025
Merged

Pad IPInt argumINTBytecode to an even size #39392

merged 1 commit into from
Jan 23, 2025

Conversation

danlliu
Copy link
Contributor

@danlliu danlliu commented Jan 22, 2025
edited by webkit-early-warning-system
Loading

7214ee0

Pad IPInt argumINTBytecode to an even size
https://bugs.webkit.org/show_bug.cgi?id=286369
rdar://143407486

Reviewed by Yijia Huang and Mark Lam.

During local initialization, we default initialize locals all the way until we
hit the end of our local table. Because of IPInt's design, the local table is
aligned to an even size, meaning that we may read out of bounds by 1 from the
metadata vector. We need to pad this vector with an extra dummy element to make
sure we don't go out of bounds.

* Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp:
(JSC::Wasm::IPIntGenerator::finalize):

Canonical link: https://commits.webkit.org/289308@main

048552b

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
✅ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe ✅ 🛠 win
loading 🧪 bindings ✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug ✅ 🧪 wpe-wk2 ✅ 🧪 win-tests
✅ 🧪 webkitperl ✅ 🧪 ios-wk2 ✅ 🧪 api-mac ✅ 🧪 api-wpe
✅ 🧪 ios-wk2-wpt ✅ 🧪 mac-wk1 ✅ 🛠 wpe-cairo
✅ 🛠 🧪 jsc ✅ 🧪 api-ios ✅ 🧪 mac-wk2 ✅ 🛠 gtk
✅ 🛠 🧪 jsc-arm64 ❌ 🛠 vision ✅ 🧪 mac-AS-debug-wk2 ✅ 🧪 gtk-wk2
❌ 🛠 vision-sim ✅ 🧪 mac-wk2-stress ❌ 🧪 api-gtk
✅ 🛠 🧪 merge ✅ 🧪 vision-wk2 ✅ 🧪 mac-intel-wk2 ✅ 🛠 playstation
❌ 🛠 tv ✅ 🛠 mac-safer-cpp ✅ 🛠 jsc-armv7
❌ 🛠 tv-sim ✅ 🧪 jsc-armv7-tests
❌ 🛠 watch
❌ 🛠 watch-sim

@danlliu danlliu requested a review from a team as a code owner January 22, 2025 19:00
@danlliu danlliu self-assigned this Jan 22, 2025
@danlliu danlliu added the JavaScriptCore For bugs in JavaScriptCore, the JS engine used by WebKit, other than kxmlcore issues. label Jan 22, 2025
@webkit-early-warning-system
Copy link
Collaborator

Starting EWS tests for 048552b. Live statuses available at the PR page, #39392

@webkit-early-warning-system
Copy link
Collaborator

webkit-early-warning-system commented Jan 22, 2025
edited
Loading

EWS run on current version of this PR (hash 048552b)

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
✅ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe ✅ 🛠 win
loading 🧪 bindings ✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug ✅ 🧪 wpe-wk2 ✅ 🧪 win-tests
✅ 🧪 webkitperl ✅ 🧪 ios-wk2 ✅ 🧪 api-mac ✅ 🧪 api-wpe
✅ 🧪 ios-wk2-wpt ✅ 🧪 mac-wk1 ✅ 🛠 wpe-cairo
✅ 🛠 🧪 jsc ✅ 🧪 api-ios ✅ 🧪 mac-wk2 ✅ 🛠 gtk
✅ 🛠 🧪 jsc-arm64 ❌ 🛠 vision ✅ 🧪 mac-AS-debug-wk2 ✅ 🧪 gtk-wk2
❌ 🛠 vision-sim ✅ 🧪 mac-wk2-stress ❌ 🧪 api-gtk
✅ 🛠 🧪 merge ✅ 🧪 vision-wk2 ✅ 🧪 mac-intel-wk2 ✅ 🛠 playstation
❌ 🛠 tv ✅ 🛠 mac-safer-cpp ✅ 🛠 jsc-armv7
❌ 🛠 tv-sim ✅ 🧪 jsc-armv7-tests
❌ 🛠 watch
❌ 🛠 watch-sim

hyjorc1
hyjorc1 approved these changes Jan 22, 2025
View reviewed changes
Copy link
Contributor

@hyjorc1 hyjorc1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

r=me

MenloDorian
MenloDorian approved these changes Jan 22, 2025
View reviewed changes
Copy link

@MenloDorian MenloDorian left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

r=me

@danlliu danlliu added the merge-queue Applied to send a pull request to merge-queue label Jan 23, 2025
@danlliu
Pad IPInt argumINTBytecode to an even size
7214ee0 
https://bugs.webkit.org/show_bug.cgi?id=286369
rdar://143407486

Reviewed by Yijia Huang and Mark Lam.

During local initialization, we default initialize locals all the way until we
hit the end of our local table. Because of IPInt's design, the local table is
aligned to an even size, meaning that we may read out of bounds by 1 from the
metadata vector. We need to pad this vector with an extra dummy element to make
sure we don't go out of bounds.

* Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp:
(JSC::Wasm::IPIntGenerator::finalize):

Canonical link: https://commits.webkit.org/289308@main
@webkit-commit-queue
Copy link
Collaborator

Committed 289308@main (7214ee0): https://commits.webkit.org/289308@main

Reviewed commits have been landed. Closing PR #39392 and removing active labels.

@webkit-commit-queue webkit-commit-queue merged commit 7214ee0 into WebKit:main Jan 23, 2025
@webkit-commit-queue webkit-commit-queue removed the merge-queue Applied to send a pull request to merge-queue label Jan 23, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MenloDorian MenloDorian MenloDorian approved these changes

@hyjorc1 hyjorc1 hyjorc1 approved these changes

Assignees

@danlliu danlliu

Labels

JavaScriptCore For bugs in JavaScriptCore, the JS engine used by WebKit, other than kxmlcore issues.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@danlliu @webkit-early-warning-system @webkit-commit-queue @MenloDorian @hyjorc1