Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 946696720edc253eddf8595a94cb5bb3b0480572
https://github.com/WebKit/WebKit/commit/946696720edc253eddf8595a94cb5bb3b0480572
Author: Daniel Liu <danl...@umich.edu>
Date: 2025-08-19 (Tue, 19 Aug 2025)

Changed paths:
M Source/JavaScriptCore/llint/WebAssembly.asm
M Source/JavaScriptCore/wasm/js/JSToWasm.cpp

Log Message:
-----------
createJSToWasmJITShared should populate codeBlock and callee slots
https://bugs.webkit.org/show_bug.cgi?id=292621
rdar://150776242

Reviewed by Yusuke Suzuki.

In 294376@main, we updated the JS to Wasm shared thunk to change how the entrypoint was loaded during calls. With these changes, we don't use the CodeBlock or Callee slots in the frame. This issue may cause undefined behavior due to arbitrary memory values being loaded from these stack slots. We should populate these slots properly with the correct JSWebAssemblyInstance and boxed callee values so that we can walk the stack without running into uninitialized values.

* Source/JavaScriptCore/llint/WebAssembly.asm:
* Source/JavaScriptCore/wasm/js/JSToWasm.cpp:
(JSC::Wasm::createJSToWasmJITShared):

Originally-landed-as: 289651.534@safari-7621-branch (a8d546461042). rdar://157791381
Canonical link: https://commits.webkit.org/298928@main