RESOLVED FIXED 124481
ARM64 CRASH: Improper offset in getHostCallReturnValue() to access callerFrame in CallFrame
https://bugs.webkit.org/show_bug.cgi?id=124481
Michael Saboff
Reported 2013-11-17 23:55:11 PST
In jit/JITOperations.cpp, the ARM64 version of getHostCallReturnValue() has the improper offset of -32. It should be changed to 0.

#elif CPU(ARM64)
asm (
".text" "\n"
".align 2" "\n"
".globl " SYMBOL_STRING(getHostCallReturnValue) "\n"
HIDE_SYMBOL(getHostCallReturnValue) "\n"
SYMBOL_STRING(getHostCallReturnValue) ":" "\n"
    "ldur x25, [x25, #-32]" "\n"    <== This should be "ldur x25, [x25, #0]"
    "mov x0, x25" "\n"
    "b " LOCAL_REFERENCE(getHostCallReturnValueWithExecState) "\n"
);
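Added illustration, not code from WebKit or from this bug: a C model of the failure the report describes. It assumes a hypothetical CallFrame struct whose callerFrame field is at byte offset 0 (the only layout fact the fix relies on), a simulated stack buffer, and a load_at() helper standing in for the ldur instruction; none of these names are WebKit's. It shows that a load at offset 0 yields the caller frame while a load at -32 yields whatever happens to lie 32 bytes below the frame, and how an offsetof static assertion ties a hand-written asm offset to the C layout so the two cannot drift apart silently.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the CallFrame header, NOT WebKit's definition:
 * the only property taken from the bug report is that callerFrame sits at
 * byte offset 0 of the frame, which is what "ldur x25, [x25, #0]" relies on. */
typedef struct CallFrame {
    struct CallFrame *callerFrame; /* offset 0: the slot getHostCallReturnValue loads */
    void *returnPC;
    void *codeBlock;
    void *callee;
} CallFrame;

/* The byte offset hard-coded in the hand-written asm. Keeping it next to a
 * static assertion ties it to the C layout, so a future layout change fails
 * the build instead of silently loading the wrong slot. */
#define CALLER_FRAME_ASM_OFFSET 0
_Static_assert(offsetof(CallFrame, callerFrame) == CALLER_FRAME_ASM_OFFSET,
               "asm offset for callerFrame is out of sync with CallFrame");

/* Simulated stack memory (constructed for this example). Frames are carved
 * out of this flat buffer so that a read at a wrong offset stays inside the
 * buffer and is observable rather than faulting. 0xA5 marks bytes that belong
 * to no frame header. */
enum { STACK_BYTES = 4096, CALLEE_AT = 1024, CALLER_AT = 2048 };
#define SENTINEL_WORD 0xA5A5A5A5A5A5A5A5ULL
static _Alignas(16) uint8_t g_stack[STACK_BYTES];

/* Emulates "ldur x25, [x25, #off]": a pointer-sized load at signed byte
 * offset off from the frame pointer fp. */
static uintptr_t load_at(const uint8_t *fp, ptrdiff_t off)
{
    uintptr_t v;
    memcpy(&v, fp + off, sizeof v);
    return v;
}

/* Lay out a callee frame whose callerFrame slot points at a caller frame
 * higher up the buffer; everything else is sentinel bytes. */
static void build_frames(void)
{
    memset(g_stack, 0xA5, sizeof g_stack);
    memset(g_stack + CALLER_AT, 0, sizeof(CallFrame));
    memset(g_stack + CALLEE_AT, 0, sizeof(CallFrame));
    uintptr_t caller = (uintptr_t)(g_stack + CALLER_AT);
    memcpy(g_stack + CALLEE_AT + offsetof(CallFrame, callerFrame), &caller, sizeof caller);
}

/* The value the stub would hand to getHostCallReturnValueWithExecState as
 * the "caller frame" if it loaded at byte offset off. */
static uintptr_t caller_frame_read(ptrdiff_t off)
{
    build_frames();
    return load_at(g_stack + CALLEE_AT, off);
}

/* 1 if the value loaded at off really is the caller frame's address. */
static int caller_frame_read_is_correct(ptrdiff_t off)
{
    return caller_frame_read(off) == (uintptr_t)(g_stack + CALLER_AT);
}

int main(void)
{
    printf("offset   0 -> %s\n",
           caller_frame_read_is_correct(0) ? "caller frame" : "not a frame");
    printf("offset -32 -> %s (0x%llx)\n",
           caller_frame_read_is_correct(-32) ? "caller frame" : "not a frame",
           (unsigned long long)caller_frame_read(-32));
    return 0;
}
```

The sentinel fill is what makes the wrong read diagnosable here; on a real stack the bytes 32 below the frame are whatever the callee last spilled there, which is why the original bug surfaced as a crash rather than a clean error.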
Attachments
Patch (1.37 KB, patch)
2013-11-18 10:04 PST, Michael Saboff
mark.lam: review+
Andy Estes
Comment 1 2013-11-17 23:57:39 PST
I'm building this change now.
Andy Estes
Comment 2 2013-11-18 01:09:10 PST
Now we're just running in to this problem in MacroAssemblerARM64.h:

    void pop(RegisterID) NO_RETURN_DUE_TO_CRASH { CRASH(); }
    void push(RegisterID) NO_RETURN_DUE_TO_CRASH { CRASH(); }
    void push(Address) NO_RETURN_DUE_TO_CRASH { CRASH(); }
    void push(TrustedImm32) NO_RETURN_DUE_TO_CRASH { CRASH(); }

Did you have a fix for this too?
Andy Estes
Comment 3 2013-11-18 01:59:42 PST
After commenting out emitPointerValidation() in ThunkGenerators.cpp, I could successfully load apple.com.
Michael Saboff
Comment 4 2013-11-18 07:15:08 PST
(In reply to comment #3)
> After commenting out emitPointerValidation() in ThunkGenerators.cpp, I could successfully load apple.com.

I'll post a patch soon.
Michael Saboff
Comment 5 2013-11-18 10:04:34 PST
Mark Lam
Comment 6 2013-11-18 10:10:11 PST
Comment on attachment 217206: Patch
r=me
Michael Saboff
Comment 7 2013-11-18 10:17:08 PST