Bug 40293 - Fix the length of instruction stream controlled by constant pool
Summary: Fix the length of instruction stream controlled by constant pool
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: Other All
Importance: P2 Normal
Assignee: Nobody
Reported: 2010-06-08 05:48 PDT by Gabor Loki
Modified: 2010-06-24 00:48 PDT
Attachments
Fix the length of instruction stream controlled by constant pool (2.00 KB, patch)
2010-06-08 05:50 PDT, Gabor Loki
barraclough: review+
loki: commit-queue-
Description Gabor Loki 2010-06-08 05:48:28 PDT
In AssemblerBufferWithConstantPool the initial/maximum length of the instruction stream (m_maxDistance) was set by the constructor and by flushConstantPool, but m_maxDistance was decreased by all put functions. Although there is no problem when m_maxDistance is a negative value while the number of constants is zero, if a constant is placed onto the pool while m_maxDistance is negative, flushConstantPool will be invoked. This is not correct. m_maxDistance should be set when the first constant arrives.

It can lead to an error. If an uninterrupted sequence comes after m_maxDistance is negative and the number of constants is zero, the pool will be placed into the sequence.

I am going to upload a fix for this.
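A simplified model of the bookkeeping described above, added here as an illustration (it is not WebKit's AssemblerBufferWithConstantPool; the class, the 16-byte window and the 4/8-byte instruction sizes are constructed assumptions). Running the same instruction stream through the reported and the fixed bookkeeping shows the pool being flushed inside an uninterrupted sequence only in the former.

```cpp
// Hypothetical, simplified model of the m_maxDistance bookkeeping described in
// the report; not WebKit's AssemblerBufferWithConstantPool. Sizes are constructed.
struct PoolBuffer {
    static constexpr int maxPoolSize = 16;   // constructed: tiny window so the bug shows quickly
    bool fixed;                               // false: behaviour from the report; true: with the fix
    int maxDistance = maxPoolSize;            // set by the constructor and by flushConstantPool only
    int numConsts = 0;
    bool inSequence = false;
    int flushesInsideSequence = 0;            // times the pool landed inside an uninterrupted sequence
    explicit PoolBuffer(bool fixedBehaviour) : fixed(fixedBehaviour) {}

    void flushConstantPool() {
        if (numConsts == 0) return;           // nothing to emit
        if (inSequence) ++flushesInsideSequence; // pool placed into the sequence: the reported error
        numConsts = 0;
        maxDistance = maxPoolSize;
    }
    void flushIfNoSpaceFor(int bytes) { if (maxDistance < bytes) flushConstantPool(); }
    void putInstruction() {                   // plain 4-byte instruction
        flushIfNoSpaceFor(4);
        maxDistance -= 4;                     // every put decreases the distance, even with an empty pool
    }
    void putInstructionWithConstant() {       // 4-byte instruction plus a 4-byte pool entry
        if (fixed && numConsts == 0)
            maxDistance = maxPoolSize;        // the fix: the window starts when the first constant arrives
        flushIfNoSpaceFor(8);
        maxDistance -= 8;
        ++numConsts;
    }
    void beginUninterruptedSequence(int bytes) { flushIfNoSpaceFor(bytes); inSequence = true; }
    void endUninterruptedSequence() { inSequence = false; }
};

// Emits a long run with no constants, then an uninterrupted sequence whose first
// instruction needs a constant. Returns how many flushes landed inside the sequence.
int flushesInsideSequence(bool fixedBehaviour) {
    PoolBuffer buf(fixedBehaviour);
    for (int i = 0; i < 10; ++i)
        buf.putInstruction();                 // 40 bytes: maxDistance is now well below zero
    buf.beginUninterruptedSequence(12);
    buf.putInstructionWithConstant();
    buf.putInstruction();
    buf.endUninterruptedSequence();
    return buf.flushesInsideSequence;         // 1 with the reported behaviour, 0 with the fix
}
```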
Comment 1 Gabor Loki 2010-06-08 05:50:46 PDT
Created attachment 58133
Fix the length of instruction stream controlled by constant pool
Comment 2 Gabor Loki 2010-06-24 00:48:59 PDT
Committed revision 61745.