Discovered by @zherczeg .
Previously emitSelect would crash in an ASSERT when checking the instruction count.
I am a bit wary of the emit* instructions not actually checking whether they are being called on the right instruction class. If select had the same number of operands as one of the comparison instructions, the assert would not have caught it, and the reinterpret_cast would have been called on the select. That is probably not a serious enough bug to cause a sandbox escape, but it could result in arbitrary reads within the module memory. At the very least it could lead to data corruption bugs that would be hard to track down.
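The failure mode described above, as an added example (not the project's code): an operand-count assert lets any three-operand instruction through, while a checked downcast on a class tag rejects the wrong instruction before any field is read through the cast. All type and function names (Group, Instruction, CompareInstruction, SelectInstruction, instructionCast, selectGuardCountOnly, selectGuardChecked, emitSelect, makeSelect, makeThreeOperandCompare) are hypothetical, and the three-operand compare is a constructed case standing in for the operand-count collision the text worries about.

```cpp
#include <cstdint>
#include <cstdio>

// Hypothetical instruction classes for the example; not the project's own types.
enum class Group : uint8_t { Compare, Select };

struct Instruction {
    Group group;            // which emitter family this instruction belongs to
    uint32_t operandCount;  // number of operand slots the emitter will read
};

struct CompareInstruction : Instruction {
    static constexpr Group kGroup = Group::Compare;
    int32_t lhs;
    int32_t rhs;
    uint8_t condition;      // e.g. eq, ne, lt
};

struct SelectInstruction : Instruction {
    static constexpr Group kGroup = Group::Select;
    int32_t trueValue;
    int32_t falseValue;
    int32_t condition;      // third operand
};

// Checked downcast: the class tag is compared before the pointer is converted,
// so an instruction of the wrong class yields nullptr instead of a misread struct.
template <typename T>
T* instructionCast(Instruction* inst) {
    return inst->group == T::kGroup ? static_cast<T*>(inst) : nullptr;
}

// Guard equivalent to an assert on the operand count alone: anything with
// three operands passes, whatever its class.
bool selectGuardCountOnly(const Instruction* inst) {
    return inst->operandCount == 3;
}

// Guard that also verifies the instruction class, which is the check the
// count-only assert cannot provide.
bool selectGuardChecked(Instruction* inst) {
    return inst->operandCount == 3 && instructionCast<SelectInstruction>(inst) != nullptr;
}

// Emitter for select that refuses to read operand fields through a cast it
// cannot justify. Writes the three operands into out[] and returns true on success.
bool emitSelect(Instruction* inst, int32_t out[3]) {
    SelectInstruction* select = instructionCast<SelectInstruction>(inst);
    if (select == nullptr || select->operandCount != 3) {
        return false;
    }
    out[0] = select->trueValue;
    out[1] = select->falseValue;
    out[2] = select->condition;
    return true;
}

SelectInstruction makeSelect(int32_t trueValue, int32_t falseValue, int32_t condition) {
    SelectInstruction s;
    s.group = Group::Select;
    s.operandCount = 3;
    s.trueValue = trueValue;
    s.falseValue = falseValue;
    s.condition = condition;
    return s;
}

// Constructed case (hypothetical): a compare instruction whose operand count
// happens to equal select's, i.e. the collision a count-only assert misses.
CompareInstruction makeThreeOperandCompare() {
    CompareInstruction c;
    c.group = Group::Compare;
    c.operandCount = 3;
    c.lhs = 10;
    c.rhs = 20;
    c.condition = 1;
    return c;
}

int main() {
    SelectInstruction select = makeSelect(1, 2, 3);
    CompareInstruction compare = makeThreeOperandCompare();
    int32_t operands[3] = {0, 0, 0};

    std::printf("count-only guard on compare: %s\n", selectGuardCountOnly(&compare) ? "accepted" : "rejected");
    std::printf("checked guard on compare:    %s\n", selectGuardChecked(&compare) ? "accepted" : "rejected");
    std::printf("emitSelect on compare:       %s\n", emitSelect(&compare, operands) ? "emitted" : "refused");
    std::printf("emitSelect on select:        %s\n", emitSelect(&select, operands) ? "emitted" : "refused");
    return 0;
}
```

The point of the split into selectGuardCountOnly and selectGuardChecked is that the count check is necessary but not sufficient: only the class tag ties the cast to the struct layout the emitter is about to read, so the tag is what prevents the misread that the text describes.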