RESOLVED FIXED232024
Add missing overflow checks to DFGIntegerRangeOptimizationPhase::isEquivalentTo() 
https://bugs.webkit.org/show_bug.cgi?id=232024
Summary Add missing overflow checks to DFGIntegerRangeOptimizationPhase::isEquivalent...
Michael Saboff
Reported 2021-10-20 11:11:03 PDT
In isEquivalentTo() we should check for overflow when adding offsets. bool isEquivalentTo(const Relationship& other) const { ... if (m_right->isInt32Constant() && other.m_right->isInt32Constant()) { return (thisRight + m_offset) == (otherRight + other.m_offset); } ... }
Attachments
Patch with mini-mode fix. (1.70 KB, patch)
2021-10-20 11:20 PDT, Michael Saboff 		tzagallo: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Michael Saboff
Comment 1 2021-10-20 11:20:12 PDT
Created attachment 441903 [details] Patch with mini-mode fix.
Tadeu Zagallo
Comment 2 2021-10-20 11:21:37 PDT
Comment on attachment 441903 [details] Patch with mini-mode fix. r=me
Michael Saboff
Comment 3 2021-10-20 11:23:31 PDT
<rdar://84329018>
Michael Saboff
Comment 4 2021-10-20 11:24:28 PDT
Ignore the "mini-mode" comment - It was auto filled from Safari.
Mark Lam
Comment 5 2021-10-20 11:30:04 PDT
Comment on attachment 441903 [details] Patch with mini-mode fix. View in context: https://bugs.webkit.org/attachment.cgi?id=441903&action=review > Source/JavaScriptCore/ChangeLog:8 > + Added overflow chaeck before comparing for equality. typo: chaeck
Michael Saboff
Comment 6 2021-10-20 11:30:47 PDT
(In reply to Mark Lam from comment #5) > Comment on attachment 441903 [details] > Patch with mini-mode fix. > > View in context: > https://bugs.webkit.org/attachment.cgi?id=441903&action=review > > > Source/JavaScriptCore/ChangeLog:8 > > + Added overflow chaeck before comparing for equality. > > typo: chaeck Will fix.
Michael Saboff
Comment 7 2021-10-20 14:45:18 PDT
Committed r284573 (243313@main): <https://commits.webkit.org/243313@main>
Note You need to log in before you can comment on or make changes to this bug.