Wasmtime GitHub notifications bot (May 15 2026 at 16:34): Wasmtime GitHub notifications bot (May 15 2026 at 16:34):fitzgen opened issue #13387:
These cannot lead to infinite loops since they are still bounded, and therefore are not DoS CVEs, but they could block for longer than usual and lead to spiky latencies.[^spiky]
[^spiky]: "No spiky latencies" is not something we provide guarantees around already, since we only insert checks at loop headers and function calls, so e.g. large basic blocks without those things can have similar behavior.
FWIW, we needn't necessarily add checks on every byte copied in a
memory.copy, which would impose horrendous overheads. What we could do to address this instead is have a max size on the chunk of data we are processing all at once without interruption checks and then effectively emit code likefor chunk in block.chunks(MAX_CHUNK_SIZE) { check(); process(chunk); // <--- the current hot loop or memmove/memcopy libcall }https://github.com/bytecodealliance/wasmtime/pull/13382 introduced checks for some of the
arrayoperations, but IIUC not all of them and also for the ones it does it inserts epoch checks on every loop iteration, rather than doing the chunking suggested above. I thinkarray.newand its ilk are still not checked, but I haven't verified that.
Wasmtime GitHub notifications bot (May 15 2026 at 16:34):fitzgen added the wasm-proposal:gc label to Issue #13387.
Wasmtime GitHub notifications bot (May 15 2026 at 18:56):alexcrichton commented on issue #13387:
IMO "yes", and I've got a PR for this after #13382
Wasmtime GitHub notifications bot (May 15 2026 at 19:15):alexcrichton commented on issue #13387:
A checklist of instructions to handle:
- [ ]
memory.copy- [ ]
memory.fill- [ ]
memory.init- [ ]
table.copy- [ ]
table.fill- [ ]
table.init- [ ]
array.copy- [ ]
array.fill- [ ]
array.init_data- [ ]
array.init_elem- [ ]
array.new_data- [ ]
array.new_elem- [ ]
array.new_default- [ ]
array.new
Wasmtime GitHub notifications bot (May 15 2026 at 23:33):alexcrichton edited a comment on issue #13387:
A checklist of instructions to handle:
- [x]
memory.copy#13393- [x]
memory.fill#13393- [ ]
memory.init- [ ]
table.copy- [ ]
table.fill- [ ]
table.init- [ ]
array.copy#13393- [ ]
array.fill#13393- [ ]
array.init_data- [ ]
array.init_elem- [ ]
array.new_data- [ ]
array.new_elem- [ ]
array.new_default- [ ]
array.new
Wasmtime GitHub notifications bot (May 15 2026 at 23:40):alexcrichton edited a comment on issue #13387:
A checklist of instructions to handle:
- [x]
memory.copy#13393- [x]
memory.fill#13393- [ ]
memory.init- [ ]
table.copy- [ ]
table.fill- [ ]
table.init- [x]
array.copy#13393- [x]
array.fill#13393- [ ]
array.init_data- [ ]
array.init_elem- [ ]
array.new_data- [ ]
array.new_elem- [x]
array.new_default#13393- [x]
array.new#13393
Wasmtime GitHub notifications bot (May 16 2026 at 00:03):alexcrichton edited a comment on issue #13387:
A checklist of instructions to handle:
- [x]
memory.copy#13393- [x]
memory.fill#13393- [ ]
memory.init- [ ]
table.copy- [ ]
table.fill- [ ]
table.init- [x]
array.copy#13393- [x]
array.fill#13393- [ ]
array.init_data- [ ]
array.new_data- [ ]
array.init_elem- [ ]
array.new_elem- [x]
array.new_default#13393- [x]
array.new#13393
Wasmtime GitHub notifications bot (May 16 2026 at 00:03):alexcrichton edited a comment on issue #13387:
A checklist of instructions to handle:
- [x]
memory.copy#13393- [x]
memory.fill#13393- [ ]
memory.init- [ ]
table.copy- [ ]
table.fill- [ ]
table.init- [x]
array.copy#13393- [x]
array.fill#13393- [ ]
array.new_data- [ ]
array.init_data- [ ]
array.init_elem- [ ]
array.new_elem- [x]
array.new_default#13393- [x]
array.new#13393
Wasmtime GitHub notifications bot (May 16 2026 at 00:03):alexcrichton edited a comment on issue #13387:
A checklist of instructions to handle:
- [x]
memory.copy#13393- [x]
memory.fill#13393- [ ]
memory.init- [ ]
table.copy- [ ]
table.fill- [ ]
table.init- [x]
array.copy#13393- [x]
array.fill#13393- [ ]
array.new_data- [ ]
array.init_data- [ ]
array.new_elem- [ ]
array.init_elem- [x]
array.new_default#13393- [x]
array.new#13393
Wasmtime GitHub notifications bot (May 16 2026 at 18:26):alexcrichton edited a comment on issue #13387:
A checklist of instructions to handle:
- [x]
memory.copy#13393- [x]
memory.fill#13393- [ ]
memory.init#13394- [ ]
table.copy- [ ]
table.fill- [ ]
table.init- [x]
array.copy#13393- [x]
array.fill#13393- [ ]
array.new_data#13394- [ ]
array.init_data#13394- [ ]
array.new_elem- [ ]
array.init_elem- [x]
array.new_default#13393- [x]
array.new#13393
Wasmtime GitHub notifications bot (May 20 2026 at 06:13):alexcrichton edited a comment on issue #13387:
A checklist of instructions to handle:
- [x]
memory.copy#13393- [x]
memory.fill#13393- [ ]
memory.init#13394- [x]
table.copy#13407- [ ]
table.fill- [ ]
table.init- [x]
array.copy#13393- [x]
array.fill#13393- [ ]
array.new_data#13394- [ ]
array.init_data#13394- [ ]
array.new_elem- [ ]
array.init_elem- [x]
array.new_default#13393- [x]
array.new#13393
Wasmtime GitHub notifications bot (May 20 2026 at 06:13):alexcrichton edited a comment on issue #13387:
A checklist of instructions to handle:
- [x]
memory.copy#13393- [x]
memory.fill#13393- [x]
memory.init#13394- [x]
table.copy#13407- [ ]
table.fill- [ ]
table.init- [x]
array.copy#13393- [x]
array.fill#13393- [ ]
array.new_data#13394- [ ]
array.init_data#13394- [ ]
array.new_elem- [ ]
array.init_elem- [x]
array.new_default#13393- [x]
array.new#13393
Wasmtime GitHub notifications bot (May 20 2026 at 06:13):alexcrichton edited a comment on issue #13387:
A checklist of instructions to handle:
- [x]
memory.copy#13393- [x]
memory.fill#13393- [x]
memory.init#13394- [x]
table.copy#13407- [ ]
table.fill- [ ]
table.init- [x]
array.copy#13393- [x]
array.fill#13393- [x]
array.new_data#13394- [ ]
array.init_data#13394- [ ]
array.new_elem- [ ]
array.init_elem- [x]
array.new_default#13393- [x]
array.new#13393
Wasmtime GitHub notifications bot (May 20 2026 at 06:13):alexcrichton edited a comment on issue #13387:
A checklist of instructions to handle:
- [x]
memory.copy#13393- [x]
memory.fill#13393- [x]
memory.init#13394- [x]
table.copy#13407- [ ]
table.fill- [ ]
table.init- [x]
array.copy#13393- [x]
array.fill#13393- [x]
array.new_data#13394- [x]
array.init_data#13394- [ ]
array.new_elem- [ ]
array.init_elem- [x]
array.new_default#13393- [x]
array.new#13393
Wasmtime GitHub notifications bot (May 21 2026 at 05:46):alexcrichton edited a comment on issue #13387:
A checklist of instructions to handle:
- [x]
memory.copy#13393- [x]
memory.fill#13393- [x]
memory.init#13394- [x]
table.copy#13407- [x]
table.fillhttps://github.com/bytecodealliance/wasmtime/pull/13424- [x]
table.growhttps://github.com/bytecodealliance/wasmtime/pull/13424- [ ]
table.init- [x]
array.copy#13393- [x]
array.fill#13393- [x]
array.new_data#13394- [x]
array.init_data#13394- [ ]
array.new_elem- [ ]
array.init_elem- [x]
array.new_default#13393- [x]
array.new#13393
Wasmtime GitHub notifications bot (May 21 2026 at 21:55):alexcrichton edited a comment on issue #13387:
A checklist of instructions to handle:
- [x]
memory.copy#13393- [x]
memory.fill#13393- [x]
memory.init#13394- [x]
table.copy#13407- [x]
table.fillhttps://github.com/bytecodealliance/wasmtime/pull/13424- [x]
table.growhttps://github.com/bytecodealliance/wasmtime/pull/13424- [x]
table.inithttps://github.com/bytecodealliance/wasmtime/pull/13444- [x]
array.copy#13393- [x]
array.fill#13393- [x]
array.new_data#13394- [x]
array.init_data#13394- [x]
array.new_elemhttps://github.com/bytecodealliance/wasmtime/pull/13444- [x]
array.init_elemhttps://github.com/bytecodealliance/wasmtime/pull/13444- [x]
array.new_default#13393- [x]
array.new#13393
Wasmtime GitHub notifications bot (May 22 2026 at 17:31):cfallin closed issue #13387:
These cannot lead to infinite loops since they are still bounded, and therefore are not DoS CVEs, but they could block for longer than usual and lead to spiky latencies.[^spiky]
[^spiky]: "No spiky latencies" is not something we provide guarantees around already, since we only insert checks at loop headers and function calls, so e.g. large basic blocks without those things can have similar behavior.
FWIW, we needn't necessarily add checks on every byte copied in a
memory.copy, which would impose horrendous overheads. What we could do to address this instead is have a max size on the chunk of data we are processing all at once without interruption checks and then effectively emit code likefor chunk in block.chunks(MAX_CHUNK_SIZE) { check(); process(chunk); // <--- the current hot loop or memmove/memcopy libcall }https://github.com/bytecodealliance/wasmtime/pull/13382 introduced checks for some of the
arrayoperations, but IIUC not all of them and also for the ones it does it inserts epoch checks on every loop iteration, rather than doing the chunking suggested above. I thinkarray.newand its ilk are still not checked, but I haven't verified that.
Last updated: Jun 01 2026 at 09:49 UTC