Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: e236b9dd9455807ff1e2e528bec1ecd2f21d942a
      https://github.com/WebKit/WebKit/commit/e236b9dd9455807ff1e2e528bec1ecd2f21d942a
  Author: Sosuke Suzuki
  Date:   2026-04-16 (Thu, 16 Apr 2026)

  Changed paths:
    A JSTests/wasm/modules/wasm-imports-js-namespace-reexport.js
    A JSTests/wasm/modules/wasm-imports-js-namespace-reexport/importer.wasm
    A JSTests/wasm/modules/wasm-imports-js-namespace-reexport/importer.wat
    A JSTests/wasm/modules/wasm-imports-js-namespace-reexport/inner.js
    A JSTests/wasm/modules/wasm-imports-js-namespace-reexport/reexport.js
    M Source/JavaScriptCore/runtime/CyclicModuleRecord.cpp

  Log Message:
  -----------
  [JSC] Fix null-env deref in CyclicModuleRecord::initializeEnvironment for WebAssembly modules
https://bugs.webkit.org/show_bug.cgi?id=312534

Reviewed by Yusuke Suzuki.

initializeEnvironment was hoisted to the shared base class but its JS
import-entry loop was not guarded. For WebAssemblyModuleRecord, jsModule is
null so env is never constructed, yet JSWebAssemblyInstance still populates
importEntries(). When a wasm Single import targets a JS `export * as foo`
binding, resolveExport returns a namespace binding and
symbolTablePutTouchWatchpointSet derefs a null env.

Gate the loop on jsModule; the ENABLE(WEBASSEMBLY) block below still runs.

Tests: JSTests/wasm/modules/wasm-imports-js-namespace-reexport.js
       JSTests/wasm/modules/wasm-imports-js-namespace-reexport/inner.js
       JSTests/wasm/modules/wasm-imports-js-namespace-reexport/reexport.js

* JSTests/wasm/modules/wasm-imports-js-namespace-reexport.js: Added.
* JSTests/wasm/modules/wasm-imports-js-namespace-reexport/importer.wasm: Added.
* JSTests/wasm/modules/wasm-imports-js-namespace-reexport/importer.wat: Added.
* JSTests/wasm/modules/wasm-imports-js-namespace-reexport/inner.js: Added.
(export.sum):
* JSTests/wasm/modules/wasm-imports-js-namespace-reexport/reexport.js: Added.
* Source/JavaScriptCore/runtime/CyclicModuleRecord.cpp:
(JSC::CyclicModuleRecord::initializeEnvironment):

Canonical link: https://commits.webkit.org/311428@main


