122691 – Potential register trampling in JIT since r157313.

RESOLVED FIXED 122691

Potential register trampling in JIT since r157313.

https://bugs.webkit.org/show_bug.cgi?id=122691

Summary Potential register trampling in JIT since r157313.

Julien Brianceau

Reported 2013-10-12 04:44:12 PDT

In the following function of jit/CCallHelpers.h, arg2 will be crushed if (arg2 == GPRInfo::argumentGPR1): ALWAYS_INLINE void setupArgumentsWithExecState(TrustedImmPtr arg1, GPRReg arg2, TrustedImm32 arg3) { move(arg1, GPRInfo::argumentGPR1); move(arg2, GPRInfo::argumentGPR2); move(arg3, GPRInfo::argumentGPR3); move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0); }

Attachments
Fix potential register trampling in JIT. (1.24 KB, patch) 2013-10-12 04:46 PDT, Julien Brianceau	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Julien Brianceau

Comment 1 2013-10-12 04:46:50 PDT

Created attachment 214053 [details] Fix potential register trampling in JIT.

WebKit Commit Bot

Comment 2 2013-10-12 08:13:43 PDT

Comment on attachment 214053 [details] Fix potential register trampling in JIT. Clearing flags on attachment: 214053 Committed r157339: <http://trac.webkit.org/changeset/157339>

WebKit Commit Bot

Comment 3 2013-10-12 08:13:45 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2013-10-12 04:44 PDT

Modified

2013-10-12 08:13 PDT History

CC List

3 users Show

URL

Keywords

Depends on

Blocks