Bounds check is possible wrong on array.copy/array.fill

WebAssembly / gc

Branch of the spec repo scoped to discussion of GC integration in WebAssembly

https://webassembly.github.io/gc/

Other

982 stars 70 forks source link

Bounds check is possible wrong on array.copy/array.fill #536

Closed CharlieTap closed 4 months ago

CharlieTap commented 4 months ago

Apologies I'm currently implementing this spec so I you might see few issues/questions raised from me

Both array.copy and array fill have a bounds checks that effectively equate to:

if offset + elements_to_copy >= array.len => trap

I believe these should all be > rather than >=, I realised this when testing (because I encountered traps where I didn't expect to) and to double check I compared against table.copy/table.fill and those specifications use > rather than >=

tlively commented 4 months ago

Thanks for the catch! Fix at #537.