Title: [110443] trunk/Source/JavaScriptCore
Revision: 110443
Author: commit-qu...@webkit.org
Date: 2012-03-12 10:31:26 -0700 (Mon, 12 Mar 2012)

Log Message

Integer overflow check code in arithmetic operation in classic interpreter
https://bugs.webkit.org/show_bug.cgi?id=80465

Patch by SangGyu Lee <sg5....@samsung.com> on 2012-03-12
Reviewed by Gavin Barraclough.

* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):

Diff

Modified: trunk/Source/JavaScriptCore/ChangeLog (110442 => 110443)


--- trunk/Source/_javascript_Core/ChangeLog	2012-03-12 17:17:18 UTC (rev 110442)
+++ trunk/Source/_javascript_Core/ChangeLog	2012-03-12 17:31:26 UTC (rev 110443)
@@ -1,3 +1,13 @@
+2012-03-12  SangGyu Lee  <sg5....@samsung.com>
+
+        Integer overflow check code in arithmetic operation in classic interpreter
+        https://bugs.webkit.org/show_bug.cgi?id=80465
+
+        Reviewed by Gavin Barraclough.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+
 2012-03-12  Zeno Albisser  <z...@webkit.org>
 
         [Qt][Mac] Build fails after enabling LLINT when JIT is disabled (r109863)
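Review bot: The added ChangeLog entry gives only the bug title, link, reviewer and function name; it does not say what the old checks got wrong or what the new ones guarantee. One sentence noting that the previous expressions applied the mask and the shift to src2 alone, and naming the operand range the integer fast path now accepts, would make the entry useful without opening the bug.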

Modified: trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp (110442 => 110443)


--- trunk/Source/_javascript_Core/interpreter/Interpreter.cpp	2012-03-12 17:17:18 UTC (rev 110442)
+++ trunk/Source/_javascript_Core/interpreter/Interpreter.cpp	2012-03-12 17:31:26 UTC (rev 110443)
@@ -2352,7 +2352,7 @@
         int dst = vPC[1].u.operand;
         JSValue src1 = callFrame->r(vPC[2].u.operand).jsValue();
         JSValue src2 = callFrame->r(vPC[3].u.operand).jsValue();
-        if (src1.isInt32() && src2.isInt32() && !(src1.asInt32() | (src2.asInt32() & 0xc0000000))) // no overflow
+        if (src1.isInt32() && src2.isInt32() && !((src1.asInt32() | src2.asInt32()) & 0xc0000000)) // no overflow
             callFrame->uncheckedR(dst) = jsNumber(src1.asInt32() + src2.asInt32());
         else {
             JSValue result = jsAdd(callFrame, src1, src2);
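Review bot: The new mask on the added line admits only operands in the range [0, 2^30), so the "// no overflow" comment understates what the check does. Any negative int32 has bit 31 set and is sent to jsAdd, which means small negative sums never take the fast path. That is safe, since two values below 2^30 sum to less than 2^31, but the comment should state the accepted range. The identical expression is repeated in the subtraction case, so a small inline helper with that comment on it would serve both.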
@@ -2371,7 +2371,7 @@
         int dst = vPC[1].u.operand;
         JSValue src1 = callFrame->r(vPC[2].u.operand).jsValue();
         JSValue src2 = callFrame->r(vPC[3].u.operand).jsValue();
-        if (src1.isInt32() && src2.isInt32() && !(src1.asInt32() | src2.asInt32() >> 15)) // no overflow
+        if (src1.isInt32() && src2.isInt32() && !(src1.asInt32() | src2.asInt32()) >> 15) // no overflow
                 callFrame->uncheckedR(dst) = jsNumber(src1.asInt32() * src2.asInt32());
         else {
             JSValue result = jsNumber(src1.toNumber(callFrame) * src2.toNumber(callFrame));
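Review bot: On the added line the closing parenthesis lands before the shift, so the condition parses as (!(src1.asInt32() | src2.asInt32())) >> 15. The logical NOT yields 0 or 1, and either value shifted right by 15 is 0, so this conjunct is always false and the int32 multiply on the following line is unreachable; every multiplication goes through the toNumber path. Results stay correct, but the fast path is dead. The intended form is presumably !((src1.asInt32() | src2.asInt32()) >> 15), which admits operands in [0, 2^15) whose product stays below 2^30.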
@@ -2439,7 +2439,7 @@
         int dst = vPC[1].u.operand;
         JSValue src1 = callFrame->r(vPC[2].u.operand).jsValue();
         JSValue src2 = callFrame->r(vPC[3].u.operand).jsValue();
-        if (src1.isInt32() && src2.isInt32() && !(src1.asInt32() | (src2.asInt32() & 0xc0000000))) // no overflow
+        if (src1.isInt32() && src2.isInt32() && !((src1.asInt32() | src2.asInt32()) & 0xc0000000)) // no overflow
             callFrame->uncheckedR(dst) = jsNumber(src1.asInt32() - src2.asInt32());
         else {
             JSValue result = jsNumber(src1.toNumber(callFrame) - src2.toNumber(callFrame));
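Review bot: For subtraction the 0xc0000000 mask on the added line is stricter than overflow safety requires. Two non-negative int32 values cannot overflow when subtracted, since the result lies between -(2^31 - 1) and 2^31 - 1, so testing only the sign bit with 0x80000000 would be enough here and would keep operands in [2^30, 2^31) on the fast path. If the shared mask is kept for symmetry with the addition case, a comment saying so would help.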