Bug 232024 - Add missing overflow checks to DFGIntegerRangeOptimizationPhase::isEquivalentTo()
Summary: Add missing overflow checks to DFGIntegerRangeOptimizationPhase::isEquivalentTo()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Michael Saboff
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2021-10-20 11:11 PDT by Michael Saboff
Modified: 2022-02-27 23:24 PST (History)

See Also:


Attachments
Patch with mini-mode fix. (1.70 KB, patch)
2021-10-20 11:20 PDT, Michael Saboff
tzagallo: review+

Description Michael Saboff 2021-10-20 11:11:03 PDT
In isEquivalentTo() we should check for overflow when adding offsets.

    bool isEquivalentTo(const Relationship& other) const
    {
        ...

        if (m_right->isInt32Constant() && other.m_right->isInt32Constant()) {
            // Neither addition is checked: either int32 sum can overflow before the compare.
            return (thisRight + m_offset) == (otherRight + other.m_offset);
        }
        ...
    }
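As an added illustration, not code from the bug report or from the WebKit patch, here is the unchecked comparison from the snippet beside a checked version; the Relationship struct, its field names and the function names are stand-ins assumed for this example.

```cpp
#include <cstdint>
#include <limits>

// Assumed stand-in for the two JSC fields the snippet reads: the int32
// constant held by m_right and the relationship's m_offset.
struct Relationship {
    int32_t right;
    int32_t offset;
};

// The comparison as written in the snippet. Signed overflow is undefined in
// C++, so the wrapped sum is emulated with unsigned arithmetic to make the
// bad outcome reproducible: (INT32_MAX + 1) wraps to INT32_MIN.
bool isEquivalentUnchecked(const Relationship& a, const Relationship& b)
{
    uint32_t sumA = static_cast<uint32_t>(a.right) + static_cast<uint32_t>(a.offset);
    uint32_t sumB = static_cast<uint32_t>(b.right) + static_cast<uint32_t>(b.offset);
    return sumA == sumB;
}

// Returns false when the int32 sum is not representable; otherwise stores it.
static bool checkedAdd(int32_t x, int32_t y, int32_t& out)
{
    int64_t wide = static_cast<int64_t>(x) + static_cast<int64_t>(y);
    if (wide < std::numeric_limits<int32_t>::min() || wide > std::numeric_limits<int32_t>::max())
        return false;
    out = static_cast<int32_t>(wide);
    return true;
}

// The checked form: if either offset addition overflows, the relationships
// are not reported as equivalent, so two relationships whose true sums
// differ can no longer compare equal through wraparound.
bool isEquivalentChecked(const Relationship& a, const Relationship& b)
{
    int32_t sumA, sumB;
    if (!checkedAdd(a.right, a.offset, sumA) || !checkedAdd(b.right, b.offset, sumB))
        return false;
    return sumA == sumB;
}
```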
Comment 1 Michael Saboff 2021-10-20 11:20:12 PDT
Created attachment 441903
Patch with mini-mode fix.
Comment 2 Tadeu Zagallo 2021-10-20 11:21:37 PDT
Comment on attachment 441903
Patch with mini-mode fix.

r=me
Comment 3 Michael Saboff 2021-10-20 11:23:31 PDT
<rdar://84329018>
Comment 4 Michael Saboff 2021-10-20 11:24:28 PDT
Ignore the "mini-mode" comment - it was auto-filled from Safari.
Comment 5 Mark Lam 2021-10-20 11:30:04 PDT
Comment on attachment 441903
Patch with mini-mode fix.

View in context: https://bugs.webkit.org/attachment.cgi?id=441903&action=review

> Source/JavaScriptCore/ChangeLog:8
> +        Added overflow chaeck before comparing for equality.

typo: chaeck
Comment 6 Michael Saboff 2021-10-20 11:30:47 PDT
(In reply to Mark Lam from comment #5)
> Comment on attachment 441903
> Patch with mini-mode fix.
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=441903&action=review
> 
> > Source/JavaScriptCore/ChangeLog:8
> > +        Added overflow chaeck before comparing for equality.
> 
> typo: chaeck

Will fix.
Comment 7 Michael Saboff 2021-10-20 14:45:18 PDT
Committed r284573 (243313@main): <https://commits.webkit.org/243313@main>