Wasmtime GitHub notifications bot (Apr 09 2026 at 18:55): Wasmtime GitHub notifications bot (Apr 09 2026 at 18:55):alexcrichton opened PR #13016 from alexcrichton:fix-fact-bounds-checks to bytecodealliance:main:
Note: this is a fix for GHSA-hx6p-xpx3-jvvv
We need to bounds check the source byte length, not the number of code units.
<!--
Please make sure you include the following information:
If this work has been discussed elsewhere, please include a link to that
conversation. If it was discussed in an issue, just mention "issue #...".Explain why this change is needed. If the details are in an issue already,
this can be brief.Our development process is documented in the Wasmtime book:
https://docs.wasmtime.dev/contributing-development-process.htmlPlease ensure all communication follows the code of conduct:
https://github.com/bytecodealliance/wasmtime/blob/main/CODE_OF_CONDUCT.md
-->
Wasmtime GitHub notifications bot (Apr 09 2026 at 18:55):alexcrichton requested fitzgen for a review on PR #13016.
Wasmtime GitHub notifications bot (Apr 09 2026 at 18:56):alexcrichton requested wasmtime-core-reviewers for a review on PR #13016.
Wasmtime GitHub notifications bot (Apr 09 2026 at 19:50):fitzgen submitted PR review.
Wasmtime GitHub notifications bot (Apr 09 2026 at 19:50):fitzgen added PR #13016 Fix bounds checks in FACT's string_to_compact method to the merge queue.
Wasmtime GitHub notifications bot (Apr 09 2026 at 20:46):fitzgen merged PR #13016.
Wasmtime GitHub notifications bot (Apr 09 2026 at 20:46):fitzgen removed PR #13016 Fix bounds checks in FACT's string_to_compact method from the merge queue.
Last updated: Apr 12 2026 at 23:10 UTC