110893 – Potential crash in YARR JIT generated code when building 64 bit

RESOLVED FIXED 110893

Potential crash in YARR JIT generated code when building 64 bit

https://bugs.webkit.org/show_bug.cgi?id=110893

Summary Potential crash in YARR JIT generated code when building 64 bit

Michael Saboff

Reported 2013-02-26 11:02:36 PST

The index and length parameters to a generated regular expression match function are unsigned 32 bit ints. The ABI allows them to be any value. We should clear the upper 32 bits.

Attachments
Patch (1.59 KB, patch) 2013-02-26 11:07 PST, Michael Saboff	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Michael Saboff

Comment 1 2013-02-26 11:07:48 PST

Created attachment 190327 [details] Patch This patch has already been reviewed.

Michael Saboff

Comment 2 2013-02-26 11:39:44 PST

Committed r144083: <http://trac.webkit.org/changeset/144083>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware All

OS All

Product WebKit

Component JavaScriptCore

Assignee

Michael Saboff

Reported

2013-02-26 11:02 PST

Modified

2013-02-26 11:39 PST History

CC List

0 users

URL

Keywords

Depends on

Blocks