WebKit Bugzilla
ASSIGNED
140145
Harden baseline JIT implementations of op_resolve_scope and op_get_from_scope against undefined scope register value
https://bugs.webkit.org/show_bug.cgi?id=140145
Michael Saboff, reported 2015-01-06 13:51:54 PST
Similar to the issue in https://bugs.webkit.org/show_bug.cgi?id=140033 for op_new_func*, the DFG could dead code eliminate the use of the scope register. Upon OSR exit to the baseline JIT, the scope register would be undefined. The code determined to be dead by the DFG is still executed in the baseline JIT. An inspection of the code shows that op_resolve_scope and op_get_from_scope need to be hardened against an undefined scope value.
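The shape of a regression test for this kind of report, as an added example that is not an attachment on this bug and not code from the WebKit tree: a function reads a top-level variable (the bytecode path that goes through op_resolve_scope and op_get_from_scope), is warmed up so a tiering engine will optimize it, and is then called with an argument of a new type so an optimizing tier that speculated on integers has to OSR-exit back to baseline code. The test only checks that the scope read still yields the right value after the exit; whether a given engine actually eliminates the scope register in the optimized tier is an assumption about engine behaviour, and the names `makeReader`, `read` and `stress` are hypothetical.

```javascript
// Added example: regression-test shape for a scope read across an OSR exit.
// Not from the bug report or the WebKit tree; names below are hypothetical.

// Top-level variable: resolving it from inside a function is emitted as
// op_resolve_scope + op_get_from_scope in the baseline JIT.
var captured = 0x1234;

function makeReader() {
  // read() speculates that x is an int while the loop below is hot.
  return function read(x) {
    var t = x + 1;
    return captured + t;   // scope read that must survive an OSR exit
  };
}

function stress(iterations) {
  var read = makeReader();
  var sum = 0;
  // Warm-up loop: enough iterations for a tiering engine to optimize read().
  for (var i = 0; i < iterations; i++) {
    sum += read(i);
  }
  // Late type change: a double argument defeats int speculation and forces
  // a deopt (OSR exit) into the baseline code, which re-executes the scope read.
  var afterExit = read(0.5);
  return { sum: sum, afterExit: afterExit };
}

// Expected values are pure arithmetic, so a wrong scope value shows up as a
// wrong sum or a wrong post-exit result rather than as a crash.
function expectedSum(iterations) {
  var n = iterations;
  return n * 0x1234 + n + (n * (n - 1)) / 2;
}
```

In a real WebKit stress test the loop count is chosen large enough to tier up on the engine under test; the point of the late-type-change call is that the baseline code executed after the exit must not depend on a register value that the optimizing tier considered dead.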