Files
ladybird/Libraries/LibJS/Bytecode/Executable.h
Andreas Kling, commit 2782fa1559: LibJS: Tighten the bytecode validator's argument operand bound
Until now the validator passed `u32::MAX` as the argument-region
upper bound because nothing on Executable tracked how many
argument slots a given bytecode buffer might reference. That left
the largest validation hole open: any flat operand index above
`registers + locals + constants` slid through the check.

The Rust assembler already walks every operand during phase 1 so
it can offset each one into the runtime's flat layout. This commit
piggybacks on that walk to record the highest `Operand::argument`
index touched and surfaces `(max + 1)` (or zero if no argument is
ever referenced) on `AssembledBytecode`. The value rides through
`FFIExecutableData` onto a new `Executable::number_of_arguments`
field, which `Validator.cpp` then feeds into `FFIValidatorBounds`.

The bound is now tight: every operand index in the encoded stream
is range-checked against the actual runtime array size, including
the argument region.
2026-05-03 08:43:19 +02:00
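The following is an added example, not Ladybird's code: it models the check the commit message describes in a few lines of standalone C++ so the "validation hole" is concrete. `ValidatorBounds`, `Operand`, `compute_number_of_arguments`, `flat_index_in_range` and `make_bounds` are assumed names for illustration; the real `FFIValidatorBounds`, `Executable` and phase-1 walk in the Rust assembler are not reproduced here. The example goes slightly beyond the message by summing region sizes in 64 bits, so a huge region count cannot wrap the total to a small value.

```cpp
#include <cstdint>
#include <optional>
#include <vector>

// Added example (not Ladybird code). Simplified model of the runtime's flat
// operand layout: registers | locals | constants | arguments, back to back.
struct ValidatorBounds {
    uint32_t registers;
    uint32_t locals;
    uint32_t constants;
    uint32_t arguments; // stands in for the commit's number_of_arguments
};

enum class OperandKind { Register, Local, Constant, Argument };

struct Operand {
    OperandKind kind;
    uint32_t index; // index within its own region, before flattening
};

// Phase-1 style walk over every operand: record the highest argument index
// touched and report (max + 1), or zero if no argument operand is referenced.
// Caveat: an index of exactly UINT32_MAX would wrap (max + 1) to zero and
// shrink the bound; a real validator must reject such an index up front.
uint32_t compute_number_of_arguments(std::vector<Operand> const& operands)
{
    std::optional<uint32_t> max_argument;
    for (auto const& op : operands) {
        if (op.kind != OperandKind::Argument)
            continue;
        if (!max_argument.has_value() || op.index > *max_argument)
            max_argument = op.index;
    }
    return max_argument.has_value() ? *max_argument + 1 : 0;
}

// Total size of the flat operand array. Summed in 64 bits so that a region
// count such as UINT32_MAX cannot wrap the total back into a small number.
uint64_t flat_array_size(ValidatorBounds const& b)
{
    return uint64_t(b.registers) + b.locals + b.constants + b.arguments;
}

// The range check every flat operand index in the encoded stream must pass.
bool flat_index_in_range(uint64_t flat_index, ValidatorBounds const& b)
{
    return flat_index < flat_array_size(b);
}

// Bounds for one buffer, either the old loose way (UINT32_MAX as the argument
// region size) or the tight way (argument count taken from the phase-1 walk).
ValidatorBounds make_bounds(uint32_t registers, uint32_t locals, uint32_t constants,
    std::vector<Operand> const& operands, bool tight)
{
    return ValidatorBounds {
        registers, locals, constants,
        tight ? compute_number_of_arguments(operands) : UINT32_MAX
    };
}
```

With 4 registers, 2 locals, 3 constants and a buffer whose highest `Operand::argument` index is 3, the tight bound gives 13 slots, so flat index 12 is the last legal one and 13 is rejected; under the loose bound an index of 100000 sails through, which is exactly the hole the commit closes.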

8.4 KiB