misc/wasm: wasm_exec.js not protected against growth in a few try/catch cases #45433
Labels: arch-wasm, FrozenDueToAge, NeedsFix
What version of Go are you using (go version)?
Does this issue reproduce with the latest release?
Yes. But I'm just reading through the code in misc/wasm/wasm_exec.js. Don't have a test case that makes it fail.
What operating system and processor architecture are you using (go env)?
What did you do?
What did you expect to see?
The sp variable, representing the wasm stack pointer, at the time the imported function is being called, is being carefully reevaluated in most places where the wasm heap may have grown before using it to write results back to the stack. But there seem to be a few places that were missed; each time in the catch block of a try...catch statement.
This isn't going to be hit very often because it requires both that the block being tried throws an exception and that the wasm memory is grown during whatever was being tried.
What did you see instead?
Here is a version of the diffs I put into my own copy of wasm_exec.js without ill effect.
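The failure mode reported above, as an added simulation that is neither the reporter's diff nor code from wasm_exec.js: an imported function whose catch block writes its result through the sp it was called with, next to one that re-reads sp first. FakeInstance, makeValueCall, run, the sp + 56 / sp + 64 slots and the addresses are assumptions made for illustration; only getsp() and the try/catch shape follow the issue text.

```javascript
// Constructed stand-in for the Go wasm instance: linear memory plus getsp().
class FakeInstance {
  constructor() {
    this.mem = new DataView(new ArrayBuffer(256));
    this.sp = 16; // current wasm stack pointer (constructed value)
    this.exports = { getsp: () => this.sp };
  }
  // Simulates Go-side activity during the JS call that leaves the caller's
  // frame at a different address than the sp the import was entered with.
  moveStack(newSp) { this.sp = newSp; }
}

// Hypothetical import in the shape the issue describes. The success path
// re-reads sp; the catch path does so only when refreshInCatch is true.
function makeValueCall(inst, refreshInCatch) {
  return (sp, fn) => {
    sp >>>= 0;
    try {
      const result = fn();
      sp = inst.exports.getsp() >>> 0;
      inst.mem.setUint32(sp + 56, result, true);
      inst.mem.setUint8(sp + 64, 1); // ok flag
    } catch (err) {
      if (refreshInCatch) sp = inst.exports.getsp() >>> 0;
      inst.mem.setUint32(sp + 56, 0xdead, true); // stand-in for the error ref
      inst.mem.setUint8(sp + 64, 0); // ok flag cleared
    }
  };
}

// Runs one throwing call during which the stack moves, then reports which
// frame's flag slot was actually written.
function run(refreshInCatch) {
  const inst = new FakeInstance();
  const oldSp = inst.sp, newSp = 128;
  inst.mem.setUint8(oldSp + 64, 0xff); // sentinel in the stale frame
  inst.mem.setUint8(newSp + 64, 0xff); // sentinel in the live frame
  makeValueCall(inst, refreshInCatch)(oldSp, () => {
    inst.moveStack(newSp);
    throw new Error("constructed failure");
  });
  return {
    staleFrameClobbered: inst.mem.getUint8(oldSp + 64) !== 0xff,
    callerSawResult: inst.mem.getUint8(newSp + 64) === 0,
  };
}

console.log("catch without re-read:", run(false));
console.log("catch with re-read:   ", run(true));
```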