Closed
Bug 1714219
Opened 3 years ago
Closed 3 years ago
Properly serialize Wasm TypeDef
Categories
(Core :: JavaScript: WebAssembly, defect, P1)
Core
JavaScript: WebAssembly
Tracking
()
RESOLVED
FIXED
91 Branch
| Tracking | Status | |
|---|---|---|
| firefox91 | --- | fixed |
People
(Reporter: yury, Assigned: yury)
References
Details
Attachments
(1 file)
During wasm serialization the following panic may occur:
Assertion failure: cursor == begin + size, at /Work/mozilla-unified/js/src/wasm/WasmModule.cpp:253
The TypeDef::serializedSize() does not calculate size of structType_ or funcType_ properly. The serializedSize() must be used.
|
Assignee | |
Updated•3 years ago
|
Assignee: nobody → ydelendik
|
||
Updated•3 years ago
|
Severity: -- → S2
Status: NEW → ASSIGNED
OS: Unspecified → All
Priority: -- → P1
Hardware: Unspecified → All
|
|
Assignee | |
Comment 1•3 years ago
|
||
|
|
Assignee | |
Comment 2•3 years ago
|
||
Fixing this bug discovered a case when we are trying to deserialize but non-initialized union members contain bad data and cause MOZ_ASSERT(usingInlineStorage()); -- addressing this here under the same test.
Pushed by ydelendik@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/d1f4c9301079
Fix serializedSize and deserialize for TypeDef. r=rhunt
|
||
Comment 4•3 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox91:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 91 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•