Wasmtime GitHub notifications bot (Apr 27 2026 at 20:08): Wasmtime GitHub notifications bot (Apr 27 2026 at 20:08):cfallin opened PR #13213 from cfallin:cve-copysign-backport-24 to bytecodealliance:release-24.0.0:
The implementation of the
fcopysignoperator uses vector bitwise AND instructions on the floating-point/vector registers containing the inputs to the operator. This is a reasonable implementation as the instruction set does not have scalar (single-lane) bitwise operators. However, when load-sinking automatically kicks in for an operand to anandps, it can turn a 64-bit load (f64.load) into a 128-bit load incorrectly.This load-widening can cause out-of-bounds accesses where they were not expected. When dynamic bounds checks are enabled, we compile assuming the correct load-operator width is codegen'd; a too-wide load could read beyond the checked bound, either into unmapped memory (crashing the process) or, worse, valid data outside the sandbox. In the case of
fcopysignthe result of that read is not directly available, because it will go into the high (unused) lane, but the out-of-bounds read itself is a problem.Thanks to louismerlin for reporting!
<!--
Please make sure you include the following information:
If this work has been discussed elsewhere, please include a link to that
conversation. If it was discussed in an issue, just mention "issue #...".Explain why this change is needed. If the details are in an issue already,
this can be brief.Our development process is documented in the Wasmtime book:
https://docs.wasmtime.dev/contributing-development-process.htmlPlease ensure all communication follows the code of conduct:
https://github.com/bytecodealliance/wasmtime/blob/main/CODE_OF_CONDUCT.md
-->
Wasmtime GitHub notifications bot (Apr 27 2026 at 20:08):cfallin requested uweigand for a review on PR #13213.
Wasmtime GitHub notifications bot (Apr 27 2026 at 20:08):cfallin requested wasmtime-compiler-reviewers for a review on PR #13213.
Wasmtime GitHub notifications bot (Apr 27 2026 at 20:08):cfallin requested alexcrichton for a review on PR #13213.
Wasmtime GitHub notifications bot (Apr 27 2026 at 20:08):cfallin requested wasmtime-core-reviewers for a review on PR #13213.
Wasmtime GitHub notifications bot (Apr 27 2026 at 20:08):cfallin requested wasmtime-default-reviewers for a review on PR #13213.
Wasmtime GitHub notifications bot (Apr 27 2026 at 20:10)::thumbs_up: alexcrichton submitted PR review.
Wasmtime GitHub notifications bot (Apr 27 2026 at 20:10)::speech_balloon: alexcrichton created PR review comment:
Could this include a link to GHSA-.... like below?
Wasmtime GitHub notifications bot (Apr 27 2026 at 20:11):cfallin updated PR #13213.
Wasmtime GitHub notifications bot (Apr 27 2026 at 20:11)::memo: cfallin submitted PR review.
Wasmtime GitHub notifications bot (Apr 27 2026 at 20:11)::speech_balloon: cfallin created PR review comment:
Done!
Wasmtime GitHub notifications bot (Apr 27 2026 at 20:11):cfallin has enabled auto merge for PR #13213.
Wasmtime GitHub notifications bot (Apr 27 2026 at 22:01):github-actions[bot] added the label cranelift on PR #13213.
Wasmtime GitHub notifications bot (Apr 27 2026 at 22:01):github-actions[bot] added the label wasmtime:docs on PR #13213.
Wasmtime GitHub notifications bot (Apr 27 2026 at 22:01):github-actions[bot] added the label cranelift:area:x64 on PR #13213.
Wasmtime GitHub notifications bot (Apr 28 2026 at 18:39):alexcrichton updated PR #13213.
Wasmtime GitHub notifications bot (Apr 28 2026 at 18:53)::check: cfallin merged PR #13213.
Last updated: May 03 2026 at 22:13 UTC