Bug 110893

Summary: Potential crash in YARR JIT generated code when building 64 bit
Product: WebKit
Component: JavaScriptCore
Reporter: Michael Saboff <msaboff>
Assignee: Michael Saboff <msaboff>
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments (Description / Flags):
Patch / none

Michael Saboff
Reported 2013-02-26 11:02:36 PST
The index and length parameters to a generated regular expression match function are unsigned 32 bit ints. The ABI allows them to be any value. We should clear the upper 32 bits.
Attachments
Patch (1.59 KB, patch)
2013-02-26 11:07 PST, Michael Saboff
no flags
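An added illustration of the report above, not the attached patch and not WebKit code: a C model of a 64-bit register carrying a 32-bit unsigned argument, comparing use of the raw register with use after the upper 32 bits are cleared. The function names, the register values, and the assumption that the generated code compares and addresses with full 64-bit registers are all constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Result of the modelled bounds check and address computation. */
typedef struct {
    int      accepted;  /* 1 if the index < length check passed */
    uint64_t offset;    /* offset that would be added to the input pointer */
} access_t;

/* Hypothetical model: consume the full 64-bit registers as delivered. */
static access_t access_raw(uint64_t index_reg, uint64_t length_reg)
{
    access_t a = { index_reg < length_reg, index_reg };
    return a;
}

/* Model of the fix described in the report: keep only the low 32 bits
   (zero-extend) before any 64-bit compare or addressing. */
static access_t access_cleared(uint64_t index_reg, uint64_t length_reg)
{
    uint64_t index  = (uint32_t)index_reg;
    uint64_t length = (uint32_t)length_reg;
    access_t a = { index < length, index };
    return a;
}

/* 1 if an accepted access would land outside a buffer of real_length units. */
static int out_of_bounds(access_t a, uint32_t real_length)
{
    return a.accepted && a.offset >= real_length;
}

int main(void)
{
    /* Constructed register values: the caller meant index = 2, length = 5,
       but stale data remains in the upper halves of both registers. */
    uint64_t index_reg  = 0x0000000100000002ULL;
    uint64_t length_reg = 0x0000000200000005ULL;

    access_t raw = access_raw(index_reg, length_reg);
    access_t fix = access_cleared(index_reg, length_reg);
    printf("raw:     accepted=%d offset=0x%llx oob=%d\n", raw.accepted,
           (unsigned long long)raw.offset, out_of_bounds(raw, 5));
    printf("cleared: accepted=%d offset=0x%llx oob=%d\n", fix.accepted,
           (unsigned long long)fix.offset, out_of_bounds(fix, 5));
    return 0;
}
```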
Michael Saboff
Comment 1 2013-02-26 11:07:48 PST
Created attachment 190327
Patch

This patch has already been reviewed.
Michael Saboff
Comment 2 2013-02-26 11:39:44 PST