diff options
| author | Thomas Lively <7121787+tlively@users.noreply.github.com> | 2021-06-29 14:22:54 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-06-29 07:22:54 -0700 |
| commit | 6ab05d914bbee87dd4a26f218a04e7ea918a2271 (patch) | |
| tree | 33b529093b0a9ec1dab8390e4d938bcad4d02445 /src/wasm/wasm.cpp | |
| parent | 6a2d7f989065820476268a2382db2eccf72aadd7 (diff) | |
| download | binaryen-6ab05d914bbee87dd4a26f218a04e7ea918a2271.tar.gz binaryen-6ab05d914bbee87dd4a26f218a04e7ea918a2271.tar.bz2 binaryen-6ab05d914bbee87dd4a26f218a04e7ea918a2271.zip | |
Only set `supertype` if nominal typing is enabled (#3958)
The code for printing and emitting the experimental nominal type constructors
added in #3933 assumes that supertypes were only returned from `getSuperType`
when nominal typing was enabled. `getSuperType` in turn was assuming that the
supertype field would only be set if nominal typing was enabled, but this was
not the case. This bug caused use-after-free errors because equirecursive
canonicalization left the supertype field pointing to a temporary HeapTypeInfo
that would be freed at the end of parsing but then accessed during module
writing.
To fix the issue, only set `supertype` if nominal typing is enabled, as
originally intended.
Diffstat (limited to 'src/wasm/wasm.cpp')
0 files changed, 0 insertions, 0 deletions