Stream: git-wasmtime

Topic: wasmtime / issue #13220 release-25.0.0: x64 fcopysign loa...

view this post on Zulip Wasmtime GitHub notifications bot (Apr 28 2026 at 09:49):

vulgraph opened issue #13220:

cranelift/codegen/src/isa/x64/lower.isle (sha 538aa5ba) on release-25.0.0 still has the pre-fix fcopysign lowering — the rules don't Xmm-coerce a/b before the andnps/andps chain, so an upstream f64.load can sink in and get widened to a 128-bit read.

(rule (lower (has_type $F64 (fcopysign a @ (value_type $F64) b)))
      (let ((sign_bit Xmm (imm $F64 0x8000000000000000)))
        (x64_orpd
          (x64_andnpd sign_bit a)
          (x64_andpd sign_bit b))))

Upstream 728fa071 (CVE-2026-24116, 40.0.3) adds (a Xmm a) / (b Xmm b) bindings with the comment "force into reg so we don't sink a 128-bit load.". Neither binding nor the comment shows up on release-25.0.0.

Is this branch still in the security-fix track? Happy to send a focused backport — it's a 4-line change plus the tests/disas/f64-copysign.wat regression test.

vulgraph

view this post on Zulip Wasmtime GitHub notifications bot (Apr 28 2026 at 09:58):

tschneidereit closed issue #13220:

cranelift/codegen/src/isa/x64/lower.isle (sha 538aa5ba) on release-25.0.0 still has the pre-fix fcopysign lowering — the rules don't Xmm-coerce a/b before the andnps/andps chain, so an upstream f64.load can sink in and get widened to a 128-bit read.

(rule (lower (has_type $F64 (fcopysign a @ (value_type $F64) b)))
      (let ((sign_bit Xmm (imm $F64 0x8000000000000000)))
        (x64_orpd
          (x64_andnpd sign_bit a)
          (x64_andpd sign_bit b))))

Upstream 728fa071 (CVE-2026-24116, 40.0.3) adds (a Xmm a) / (b Xmm b) bindings with the comment "force into reg so we don't sink a 128-bit load.". Neither binding nor the comment shows up on release-25.0.0.

Is this branch still in the security-fix track? Happy to send a focused backport — it's a 4-line change plus the tests/disas/f64-copysign.wat regression test.

vulgraph

view this post on Zulip Wasmtime GitHub notifications bot (Apr 28 2026 at 09:58):

tschneidereit commented on issue #13220:

See #13221

view this post on Zulip Wasmtime GitHub notifications bot (Apr 30 2026 at 17:02):

vulgraph commented on issue #13220:

Thanks for the cross-link to the policy explanation in the sister thread — got it, no further action needed here. Closing.

Last updated: May 03 2026 at 22:13 UTC