Hi — checking on release-27.0.0.
Upstream 728fa071 ("[40.0] Backport Cranelift: x64: fix incorrect load-sinking in copysign operator", CVE-2026-24116) appears not to have made it onto this branch.
Pre-fix fcopysign lowering still present in cranelift/codegen/src/isa/x64/lower.isle (sha a5b3330e):
    (rule (lower (has_type $F32 (fcopysign a @ (value_type $F32) b)))
          (let ((sign_bit Xmm (imm $F32 0x80000000)))
            (x64_orps
              (x64_andnps sign_bit a)
              (x64_andps sign_bit b))))
The fix simply forces a and b into XMM registers before the bitwise ops so the f64.load can't sink-and-widen. Two small bindings plus regression tests.
Should I open a backport PR aligned to the upstream commit? Want to confirm the branch is still in scope first.
vulgraph
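One way to audit a branch's `lower.isle` text for the pattern quoted above, as an added example that is not part of the post or of Cranelift's own code. It flags `fcopysign` rules whose bitwise-op operands are not let-bound as `Xmm`; the `POST_FIX` sample and its `(a Xmm a)` rebinding are an assumed illustration of the fix described in the post, not copied from the upstream commit, and let-scoping is not modelled.

```python
import re

BITOPS = ("x64_andps", "x64_andnps")  # bitwise ops used by the quoted lowering

# Rule text as quoted in the post.
PRE_FIX = """
(rule (lower (has_type $F32 (fcopysign a @ (value_type $F32) b)))
  (let ((sign_bit Xmm (imm $F32 0x80000000)))
    (x64_orps (x64_andnps sign_bit a) (x64_andps sign_bit b))))
"""
# Constructed sample: ASSUMED shape of the fix (operands rebound as Xmm).
POST_FIX = """
(rule (lower (has_type $F32 (fcopysign a @ (value_type $F32) b)))
  (let ((a Xmm a) (b Xmm b) (sign_bit Xmm (imm $F32 0x80000000)))
    (x64_orps (x64_andnps sign_bit a) (x64_andps sign_bit b))))
"""

def parse(src):
    """Parse ISLE-style s-expressions (';' comments dropped) into nested lists."""
    tokens = re.findall(r"[()]|[^\s()]+", re.sub(r";[^\n]*", "", src))
    def read(i):
        out = []
        while i < len(tokens):
            if tokens[i] == "(":
                sub, i = read(i + 1)
                out.append(sub)
            elif tokens[i] == ")":
                return out, i + 1
            else:
                out.append(tokens[i])
                i += 1
        return out, i
    return read(0)[0]

def walk(node):
    """Yield every list node in the tree, parents before children."""
    if isinstance(node, list):
        yield node
        for child in node:
            yield from walk(child)

def unforced_operands(rule):
    """Operands of the bitwise ops that no let-binding has typed as Xmm."""
    forced = {b[0] for n in walk(rule) if n[:1] == ["let"] and len(n) > 1
              for b in n[1] if isinstance(b, list) and len(b) == 3 and b[1] == "Xmm"}
    return [a for n in walk(rule) if n and n[0] in BITOPS
            for a in n[1:] if isinstance(a, str) and a not in forced]

def audit(src):
    """One list of unforced operand names per fcopysign lowering rule."""
    return [unforced_operands(f) for f in parse(src)
            if f[:1] == ["rule"] and any(n[:1] == ["fcopysign"] for n in walk(f))]
```

A non-empty list for a rule means its operands still reach the bitwise ops directly, which is the pre-fix form the post reports on the branch.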