WebKit Bugzilla
Attachment 343041 Details for
Bug 186765
: [Armv7] Linkbuffer: executableOffsetFor() fails for location 2
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-186765-20180619122014.patch (text/plain), 1.68 KB, created by
Guillaume Emont
on 2018-06-19 03:20:15 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Guillaume Emont
Created:
2018-06-19 03:20:15 PDT
Size:
1.68 KB
patch
obsolete
>Subversion Revision: 232956 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index 68a6806855e6f07dfebeff7d5a64728ed1b90e6f..ea8fc58ecf62e2ec9d8c80daec04777896b30e99 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog >@@ -1,3 +1,15 @@ >+2018-06-18 Guillaume Emont <guijemont@igalia.com> >+ >+ [Armv7] Linkbuffer: executableOffsetFor() fails for location 2 >+ https://bugs.webkit.org/show_bug.cgi?id=186765 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ This widens the check for 0 so that we handle that case more correctly. >+ >+ * assembler/LinkBuffer.h: >+ (JSC::LinkBuffer::executableOffsetFor): >+ > 2018-06-18 Keith Miller <keith_miller@apple.com> > > JSImmutableButterfly should assert m_header is adjacent to the data >diff --git a/Source/JavaScriptCore/assembler/LinkBuffer.h b/Source/JavaScriptCore/assembler/LinkBuffer.h >index 792a8c952261d640c17bfc2350ef8ecb42ee7143..06c2670126b38efdb9110a0b843992ce241fa9b5 100644 >--- a/Source/JavaScriptCore/assembler/LinkBuffer.h >+++ b/Source/JavaScriptCore/assembler/LinkBuffer.h >@@ -297,7 +297,11 @@ private: > #if ENABLE(BRANCH_COMPACTION) > int executableOffsetFor(int location) > { >- if (!location) >+ // Returning 0 in this case works because at location < >+ // sizeof(int32_t), no compaction could have happened before this >+ // point as the assembler could not have placed a branch instruction >+ // within this space that required compaction. >+ if (location < static_cast<int>(sizeof(int32_t))) > return 0; > return bitwise_cast<int32_t*>(m_assemblerStorage.buffer())[location / sizeof(int32_t) - 1]; > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=343041">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 186765
:
342936
|
343007
|
343041
|
343148
|
343152