From 1b5f4a851ceadb63c33b14eb37fe11bd7c34ddcf Mon Sep 17 00:00:00 2001
From: Sam Clegg
Date: Fri, 2 Feb 2024 10:23:40 -0800
Subject: [PATCH] [wasm64] Fix wasm64 memory read in Fetch.js

This bug only showed up under wasm64 when the address of the fetch object was between 2Gb and 4Gb. This causes the JS ">> 2" operation to generate a negative number becuase the high bit is set:

```
$ node
> a = 2**31 + 10
2147483658
> a >> 2
-536870910
>
```

In `browser64_4gb` mode this bug resulted in a read from the first 4gb of memory somewhere, which results a in 0 whereas read from a negative address yields `undefined`.
---
 src/Fetch.js | 2 +-
 test/fetch/test_fetch_sync_xhr.cpp | 4 ++--
 test/test_browser.py | 10 ++++++++++
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/Fetch.js b/src/Fetch.js
index 1b3059015a63f..27fa8a90f6aaa 100644
--- a/src/Fetch.js
+++ b/src/Fetch.js
@@ -320,7 +320,7 @@ function fetchXHR(fetch, onsuccess, onerror, onprogress, onreadystatechange) {
 function saveResponseAndStatus() {
 var ptr = 0;
 var ptrLen = 0;
- if (xhr.response && fetchAttrLoadToMemory && HEAPU32[fetch + {{{ C_STRUCTS.emscripten_fetch_t.data }}} >> 2] === 0) {
+ if (xhr.response && fetchAttrLoadToMemory && {{{ makeGetValue('fetch', C_STRUCTS.emscripten_fetch_t.data, '*') }}} === 0) {
 ptrLen = xhr.response.byteLength;
 }
 if (ptrLen > 0) {
diff --git a/test/fetch/test_fetch_sync_xhr.cpp b/test/fetch/test_fetch_sync_xhr.cpp
index b77a7748243a4..d8c4b53386d84 100644
--- a/test/fetch/test_fetch_sync_xhr.cpp
+++ b/test/fetch/test_fetch_sync_xhr.cpp
@@ -15,8 +15,8 @@ int result = -1;
 int main() {
 // If an exception is thrown from the user callback, it bubbles up to
 // self.onerror but is otherwise completely swallowed by xhr.send.
- EM_ASM({self.onerror = function() {
- out('Got error');
+ EM_ASM({self.onerror = (e) => {
+ out('Got error', e);
 HEAP32[$0 >> 2] = 2;
 };}, &result);
 emscripten_fetch_attr_t attr;
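Review bot: The rewritten condition in `saveResponseAndStatus` carries no comment saying why the pointer is read through `makeGetValue` rather than a direct heap index, so a later cleanup could reintroduce the signed shift. I would add above the `if`: `// Read via makeGetValue: "fetch + off >> 2" goes negative once the address has bit 31 set (wasm64, >= 2GB).` The old form failed silently: the comparison with `0` was simply false, `ptrLen` stayed 0 and the `if (ptrLen > 0)` branch was skipped. fetchXHR continues outside this hunk, so any other `HEAPU32[fetch + … >> 2]` reads in it should be checked for the same pattern.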
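Review bot: The `HEAP32[$0 >> 2] = 2;` store kept in the `self.onerror` handler uses the same signed shift that this commit removes from Fetch.js. If this test runs under the new `browser64_2gb` mode and `&result` lands at or above 2GB (plausible with `GLOBAL_BASE` set to `2gb`, though the test wiring is not visible here), the index turns negative and the store is silently lost, so an exception from the user callback would not be recorded in `result`. Assuming `$0` arrives as a JS number, an index that avoids the 32-bit signed shift fixes this, for example `HEAP32[$0 / 4] = 2;`. `main` continues outside the hunk.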
diff --git a/test/test_browser.py b/test/test_browser.py
index d3318222d1cb8..caf504a6490f0 100644
--- a/test/test_browser.py
+++ b/test/test_browser.py
@@ -5908,6 +5908,16 @@ def setUp(self):
 self.require_wasm64()


+class browser64_2gb(browser):
+ def setUp(self):
+ super().setUp()
+ self.set_setting('MEMORY64')
+ self.set_setting('INITIAL_MEMORY', '2200gb')
+ self.set_setting('GLOBAL_BASE', '2gb')
+ self.emcc_args.append('-Wno-experimental')
+ self.require_wasm64()
+
+
 class browser_2gb(browser):
 def setUp(self):
 super().setUp()
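Review bot: `INITIAL_MEMORY` is set to `'2200gb'` in the new `browser64_2gb.setUp`, which looks like a typo for `'2200mb'`: the class name and the `GLOBAL_BASE` of `2gb` point to a heap just over 2GB, not 2200GB. As written the mode would likely fail to instantiate, or at least not exercise the 2GB–4GB address range described in the commit message; I would change the line to `self.set_setting('INITIAL_MEMORY', '2200mb')`. A short comment on the class, such as `# Static data is placed above 2GB so that signed-shift heap indexing bugs in JS show up`, would also record why `GLOBAL_BASE` is raised.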