Bug 122691

Summary:

Potential register trampling in JIT since r157313.

Product:

WebKit

Reporter:

Julien Brianceau <jbriance>

Component:

JavaScriptCore

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

commit-queue, mark.lam, msaboff

Priority:

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Fix potential register trampling in JIT.	none

Julien Brianceau

Reported 2013-10-12 04:44:12 PDT

In the following function of jit/CCallHelpers.h, arg2 will be crushed if (arg2 == GPRInfo::argumentGPR1): ALWAYS_INLINE void setupArgumentsWithExecState(TrustedImmPtr arg1, GPRReg arg2, TrustedImm32 arg3) { move(arg1, GPRInfo::argumentGPR1); move(arg2, GPRInfo::argumentGPR2); move(arg3, GPRInfo::argumentGPR3); move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0); }

Attachments
Fix potential register trampling in JIT. (1.24 KB, patch) 2013-10-12 04:46 PDT, Julien Brianceau	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Julien Brianceau

Comment 1 2013-10-12 04:46:50 PDT

Created attachment 214053 [details] Fix potential register trampling in JIT.

WebKit Commit Bot

Comment 2 2013-10-12 08:13:43 PDT

Comment on attachment 214053 [details] Fix potential register trampling in JIT. Clearing flags on attachment: 214053 Committed r157339: <http://trac.webkit.org/changeset/157339>

WebKit Commit Bot

Comment 3 2013-10-12 08:13:45 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.