In the AngryBots demo, the memory is marked as a default one (0x1) and with a maximum (0x2), so the flags for the limits are 0x3. This is wrong, per 0xc, and our impl was wrong too.

To not block testing of emscripten & spidermonkey, it has been decided to:

1. update to the new behavior (no more default flag; having a maximum is 0x1)
2. allow flags to be 0x3 in the worst case

Then we are still binary compatible with the demo (the default flag being now interpreted as the has-maximum flag, which is true in this case). When the demo gets updated, we should tighten the flags checking (2). Next demo update should come with 0xd, I assume.
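The flag handling described above, as an added example that is not SpiderMonkey's code and not part of the original bug comment. It assumes the limits are encoded as LEB128 `flags`, `initial`, then an optional `maximum`; every name (`Limits`, `decodeLimits`, `allowLegacy`) is hypothetical, and the lenient mode accepts exactly 0x3, which is one reading of step 2.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical names for illustration; not SpiderMonkey's own types.
struct Limits { uint32_t initial; bool hasMaximum; uint32_t maximum; };

const uint32_t HasMaximumFlag = 0x1;  // bit 0 now means "has maximum"
const uint32_t LegacyFlags = 0x3;     // old default (0x1) + old maximum (0x2)

// Unsigned LEB128, at most 32 bits; false on truncated or oversized input.
static bool readVarU32(const std::vector<uint8_t>& buf, size_t& pos, uint32_t& out) {
    uint64_t result = 0;
    for (unsigned shift = 0; shift < 35; shift += 7) {
        if (pos >= buf.size()) return false;
        uint8_t byte = buf[pos++];
        result |= uint64_t(byte & 0x7f) << shift;
        if (!(byte & 0x80)) {
            if (result > UINT32_MAX) return false;
            out = uint32_t(result);
            return true;
        }
    }
    return false;  // continuation bit still set after 5 bytes
}

// allowLegacy models step 2 of the plan: tolerate flags == 0x3 for old binaries.
bool decodeLimits(const std::vector<uint8_t>& buf, bool allowLegacy, Limits& out) {
    size_t pos = 0;
    uint32_t flags;
    if (!readVarU32(buf, pos, flags)) return false;
    bool known = (flags & ~HasMaximumFlag) == 0;
    if (!known && !(allowLegacy && flags == LegacyFlags)) return false;
    if (!readVarU32(buf, pos, out.initial)) return false;
    out.hasMaximum = (flags & HasMaximumFlag) != 0;
    out.maximum = 0;
    if (out.hasMaximum) {
        if (!readVarU32(buf, pos, out.maximum)) return false;
        if (out.maximum < out.initial) return false;  // maximum must not be below initial
    }
    return true;
}

int main() {
    // Constructed sample: flags 0x3, initial 256, maximum 256 (LEB128 80 02).
    std::vector<uint8_t> legacy = {0x03, 0x80, 0x02, 0x80, 0x02};
    Limits l;
    std::printf("lenient=%d strict=%d\n", decodeLimits(legacy, true, l), decodeLimits(legacy, false, l));
    return 0;
}
```

Tightening the check later amounts to calling the decoder with `allowLegacy` set to false, at which point any bit other than 0x1 in the flags is rejected.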
I've checked that the newer AngryBots wasm binary still gets validated and compiled with this patch.
Comment on attachment 8804611
Bug 1310149: Tighten the check in DecodeLimits;
https://reviewboard.mozilla.org/r/88524/#review87826

Thanks!
Attachment #8804611 - Flags: review?(luke) → review+
Pushed by email@example.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/ddb7b94d3a6a Tighten the check in DecodeLimits; r=luke