nagai/fune
3
0
Fork 0
forked from mirrors/gecko-dev
Code Pull requests Activity

Bug 1904243 - Check if complex types with local refs are properly validated. r=rhunt, a=dmeehan

Browse source 
Differential Revision: https://phabricator.services.mozilla.com/D214750
This commit is contained in:
Yury Delendik 2024-06-26 13:50:32 +00:00
parent ad4f242ec2
commit fbaff7b049
2 changed files with 22 additions and 1 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

18
js/src/jit-test/tests/wasm/gc/regress-1904243.js Normal file
View file

@ -0,0 +1,18 @@
// Check if complex types with local refs are properly validated.
var ins = wasmEvalText(`(module
(rec
(type $t0 (struct))
(type $t1 (sub (func (result (ref null $t1)))))
)
)`);
var ins = wasmEvalText(`(module
(rec
(type $t0 (struct))
(type $t1 (sub (func (result (ref null $t0)))))
)
(func (type $t1) (result (ref null $t0))
ref.null $t0
)
)`);

5
js/src/wasm/WasmTypeDef.h
View file

@ -1301,7 +1301,10 @@ inline uintptr_t TypeDef::forMatch(const TypeDef* typeDef,
// Return a tagged index for local type references // Return a tagged index for local type references
if (typeDef && &typeDef->recGroup() == recGroup) { if (typeDef && &typeDef->recGroup() == recGroup) {
return uintptr_t(recGroup->indexOf(typeDef)) | 0x1; // recGroup->indexOf result is expected to be not greater than MaxTypes,
// and shall fit in 32-bit pointer without loss.
static_assert(MaxTypes <= 0x7FFFFFFF);
return (uintptr_t(recGroup->indexOf(typeDef)) << 1) | 0x1;
} }
// Return an untagged pointer for non-local type references // Return an untagged pointer for non-local type references