Bug 183067

Summary: validateStackAccess should not validate if the offset is within the stack bounds
Product: WebKit Reporter: Saam Barati <saam>
Component: JavaScriptCore Assignee: Saam Barati <saam>
Status: RESOLVED FIXED    
Severity: Normal CC: benjamin, commit-queue, fpizlo, ggaren, gskachkov, jfbastien, keith_miller, mark.lam, msaboff, rmorisset, ticaiolima, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
patch none

Saam Barati
Reported 2018-02-22 16:01:19 PST
For example, we may emit code that only reaches such a stack load conditionally. It's natural to emit such code. This happens in the case of GetMyArgumentByVal, which will branch on the argument count before issuing a load.
Attachments
patch (3.24 KB, patch)
2018-02-22 16:07 PST, Saam Barati
no flags
Saam Barati
Comment 1 2018-02-22 16:01:53 PST
Saam Barati
Comment 2 2018-02-22 16:07:42 PST
Mark Lam
Comment 3 2018-02-26 12:17:20 PST
Comment on attachment 334482: patch
r=me
WebKit Commit Bot
Comment 4 2018-02-26 12:42:43 PST
Comment on attachment 334482: patch
Clearing flags on attachment: 334482
Committed r229036: <https://trac.webkit.org/changeset/229036>
WebKit Commit Bot
Comment 5 2018-02-26 12:42:45 PST
All reviewed patches have been landed. Closing bug.