Closed Bug 1310149 Opened 8 years ago Closed 8 years ago

Baldr: tighten the check in DecodeLimits after the switch to 0xd

Categories

(Core :: JavaScript Engine: JIT, defect, P3)

Product:
Core
Component:
JavaScript Engine: JIT
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla52
Tracking Flags:
Tracking Status
firefox52 --- fixed

People

(Reporter: bbouvier, Unassigned)

References

(
URL
)

Details

Attachments

(1 file)

Bug 1310149: Tighten the check in DecodeLimits;
58 bytes, text/x-review-board-request
luke
: review+
Details
In the AngryBots demo, the memory is marked as a default one (0x1) and with a maximum (0x2), so the flags for the limits are 0x3. This is wrong, per 0xc, and our impl was wrong too. To not block testing of emscripten & spidermonkey, it has been decided to: 1. update to the new behavior (no more default flag; having a maximum is 0x1) 2. allow flags to be 0x3 in the worst case Then we are still binary compatible with the demo (the default flag being now interpreted as the has-maximum flag, which is true in this case). When the demo gets updated, we should tighten the flags checking (2). Next demo update should come with 0xd, I assume.
I've checked that the newer AngryBots wasm binary still gets validated and compiled with this patch.
Comment on attachment 8804611 [details] Bug 1310149: Tighten the check in DecodeLimits; https://reviewboard.mozilla.org/r/88524/#review87826 Thanks!
Attachment #8804611 - Flags: review?(luke) → review+
Pushed by bbouvier@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/ddb7b94d3a6a Tighten the check in DecodeLimits; r=luke
https://hg.mozilla.org/mozilla-central/rev/ddb7b94d3a6a
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox52: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: