Bug 183067

Summary: validateStackAccess should not validate if the offset is within the stack bounds
Product: WebKit
Reporter: Saam Barati <saam>
Component: JavaScriptCore
Assignee: Saam Barati <saam>
Status: RESOLVED FIXED
Severity: Normal
CC: benjamin, commit-queue, fpizlo, ggaren, gskachkov, jfbastien, keith_miller, mark.lam, msaboff, rmorisset, ticaiolima, webkit-bug-importer, ysuzuki
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
patch (flags: none)

Description Saam Barati 2018-02-22 16:01:19 PST
For example, we may emit code that only reaches such a stack load conditionally. It's natural to emit such code. This happens in the case of GetMyArgumentByVal, which will branch on the argument count before issuing a load.
Comment 1 Saam Barati 2018-02-22 16:01:53 PST
<rdar://problem/37749988>
Comment 2 Saam Barati 2018-02-22 16:07:42 PST
Created attachment 334482 [details]
patch
Comment 3 Mark Lam 2018-02-26 12:17:20 PST
Comment on attachment 334482 [details]
patch

r=me
Comment 4 WebKit Commit Bot 2018-02-26 12:42:43 PST
Comment on attachment 334482 [details]
patch

Clearing flags on attachment: 334482

Committed r229036: <https://trac.webkit.org/changeset/229036>
Comment 5 WebKit Commit Bot 2018-02-26 12:42:45 PST
All reviewed patches have been landed. Closing bug.