Title: [210091] trunk
- Revision
- 210091
- Author
- [email protected]
- Date
- 2016-12-21 17:26:09 -0800 (Wed, 21 Dec 2016)
Log Message
WebAssembly: Fix decode floating point constants in unreachable code
https://bugs.webkit.org/show_bug.cgi?id=166400
Reviewed by Saam Barati.
JSTests:
* wasm.yaml:
Source/_javascript_Core:
We decoded these as variable length but they should be fixed length.
* wasm/WasmFunctionParser.h:
Modified Paths
Diff
Modified: trunk/JSTests/ChangeLog (210090 => 210091)
--- trunk/JSTests/ChangeLog 2016-12-22 01:06:20 UTC (rev 210090)
+++ trunk/JSTests/ChangeLog 2016-12-22 01:26:09 UTC (rev 210091)
@@ -1,5 +1,14 @@
2016-12-21 Keith Miller <[email protected]>
+ WebAssembly: Fix decode floating point constants in unreachable code
+ https://bugs.webkit.org/show_bug.cgi?id=166400
+
+ Reviewed by Saam Barati.
+
+ * wasm.yaml:
+
+2016-12-21 Keith Miller <[email protected]>
+
WebAssembly: Allow br, br_if, and br_table to act as a return
https://bugs.webkit.org/show_bug.cgi?id=166393
Modified: trunk/JSTests/wasm.yaml (210090 => 210091)
--- trunk/JSTests/wasm.yaml 2016-12-22 01:06:20 UTC (rev 210090)
+++ trunk/JSTests/wasm.yaml 2016-12-22 01:26:09 UTC (rev 210091)
@@ -38,13 +38,13 @@
cmd: runWebAssemblySpecTest :skip
- path: wasm/spec-tests/br.wast.js
- cmd: runWebAssemblySpecTest :skip
+ cmd: runWebAssemblySpecTest :normal
- path: wasm/spec-tests/br_if.wast.js
cmd: runWebAssemblySpecTest :skip
- path: wasm/spec-tests/br_table.wast.js
- cmd: runWebAssemblySpecTest :skip
+ cmd: runWebAssemblySpecTest :normal
- path: wasm/spec-tests/break-drop.wast.js
cmd: runWebAssemblySpecTest :normal
@@ -155,7 +155,7 @@
cmd: runWebAssemblySpecTest :skip
- path: wasm/spec-tests/return.wast.js
- cmd: runWebAssemblySpecTest :skip
+ cmd: runWebAssemblySpecTest :normal
- path: wasm/spec-tests/select.wast.js
cmd: runWebAssemblySpecTest :skip
Modified: trunk/Source/_javascript_Core/ChangeLog (210090 => 210091)
--- trunk/Source/_javascript_Core/ChangeLog 2016-12-22 01:06:20 UTC (rev 210090)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-12-22 01:26:09 UTC (rev 210091)
@@ -1,5 +1,16 @@
2016-12-21 Keith Miller <[email protected]>
+ WebAssembly: Fix decode floating point constants in unreachable code
+ https://bugs.webkit.org/show_bug.cgi?id=166400
+
+ Reviewed by Saam Barati.
+
+ We decoded these as variable length but they should be fixed length.
+
+ * wasm/WasmFunctionParser.h:
+
+2016-12-21 Keith Miller <[email protected]>
+
WebAssembly: Allow br, br_if, and br_table to act as a return
https://bugs.webkit.org/show_bug.cgi?id=166393
Modified: trunk/Source/_javascript_Core/wasm/WasmFunctionParser.h (210090 => 210091)
--- trunk/Source/_javascript_Core/wasm/WasmFunctionParser.h 2016-12-22 01:06:20 UTC (rev 210090)
+++ trunk/Source/_javascript_Core/wasm/WasmFunctionParser.h 2016-12-22 01:26:09 UTC (rev 210091)
@@ -547,6 +547,18 @@
return { };
}
+ case F32Const: {
+ uint32_t unused;
+ WASM_PARSER_FAIL_IF(!parseUInt32(unused), "can't parse 32-bit floating-point constant");
+ return { };
+ }
+
+ case F64Const: {
+ uint64_t constant;
+ WASM_PARSER_FAIL_IF(!parseUInt64(constant), "can't parse 64-bit floating-point constant");
+ return { };
+ }
+
// two immediate cases
FOR_EACH_WASM_MEMORY_LOAD_OP(CREATE_CASE)
FOR_EACH_WASM_MEMORY_STORE_OP(CREATE_CASE) {
@@ -557,9 +569,7 @@
}
// one immediate cases
- case F32Const:
case I32Const:
- case F64Const:
case I64Const:
case SetLocal:
case GetLocal:
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
