Bug 216082

Summary: AbstractMacroAssembler::Jump class has uninitialized instance variables
Product: WebKit Reporter: David Kilzer (:ddkilzer) <ddkilzer>
Component: JavaScriptCoreAssignee: David Kilzer (:ddkilzer) <ddkilzer>
Status: RESOLVED FIXED    
Severity: Normal CC: ews-watchlist, keith_miller, mark.lam, msaboff, saam, tzagallo, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Other   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch v1 none

David Kilzer (:ddkilzer)
Reported 2020-09-02 10:54:13 PDT
AbstractMacroAssembler::Jump class has uninitialized instance variables when using default (and other) constructors. Found by clang static analyzer using the optin.cplusplus.UninitializedObject checker.
Attachments
Patch v1 (2.55 KB, patch)
2020-09-02 10:58 PDT, David Kilzer (:ddkilzer) 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
David Kilzer (:ddkilzer)
Comment 1 2020-09-02 10:58:02 PDT
Created attachment 407778 [details] Patch v1
David Kilzer (:ddkilzer)
Comment 2 2020-09-02 11:00:14 PDT
Comment on attachment 407778 [details] Patch v1 View in context: https://bugs.webkit.org/attachment.cgi?id=407778&action=review > Source/JavaScriptCore/assembler/AbstractMacroAssembler.h:685 > + bool m_is64Bit { false }; Should this be { true } instead since this is only compiled on CPU(ARM64)? Or do we have 32-bit jumps in arm64[e]?
Michael Saboff
Comment 3 2020-09-02 11:40:15 PDT
Comment on attachment 407778 [details] Patch v1 View in context: https://bugs.webkit.org/attachment.cgi?id=407778&action=review r=me. This is good defensive programming, but I don't think that this fixes any latent bugs as these fields are set for the instruction variants that use them. >> Source/JavaScriptCore/assembler/AbstractMacroAssembler.h:685 >> + bool m_is64Bit { false }; > > Should this be { true } instead since this is only compiled on CPU(ARM64)? Or do we have 32-bit jumps in arm64[e]? All jumps for ARM64[e] are 64 bit in terms of changes to the PC. The m_is64Bit is for the compare and branch jumps (CBZ and CBNZ) and relate to the size of the comparison. The m_is64Bit flag is not used for the other branch types.
David Kilzer (:ddkilzer)
Comment 4 2020-09-03 10:07:11 PDT
Comment on attachment 407778 [details] Patch v1 Adding cq+ since failures in fast/block/margin-collapse/103.html are happening across multiple patches. Not related to this patch.
EWS
Comment 5 2020-09-03 10:20:50 PDT
Committed r266530: <https://trac.webkit.org/changeset/266530> All reviewed patches have been landed. Closing bug and clearing flags on attachment 407778 [details].
Radar WebKit Bug Importer
Comment 6 2020-09-03 10:21:17 PDT
<rdar://problem/68287015>
Note You need to log in before you can comment on or make changes to this bug.