Reviewers: jarin,
Message:
PTAL
https://codereview.chromium.org/210053003/diff/1/src/x64/lithium-codegen-x64.cc
File src/x64/lithium-codegen-x64.cc (right):
https://codereview.chromium.org/210053003/diff/1/src/x64/lithium-codegen-x64.cc#newcode2924
src/x64/lithium-codegen-x64.cc:2924: __ movp(result,
args.GetArgumentOperand(const_index));
This move is guarded by HBoundsCheck at run-time, but
StackArgumentsAccessor has an assertion that index is non-negative.
Description:
Add index check in DoAccessArgumentsAt.
BUG=355523
LOG=N
TEST=mjsunit/regress/regress-355523
Please review this at https://codereview.chromium.org/210053003/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files (+7, -3 lines):
M src/x64/lithium-codegen-x64.cc
Index: src/x64/lithium-codegen-x64.cc
diff --git a/src/x64/lithium-codegen-x64.cc b/src/x64/lithium-codegen-x64.cc
index
ef9fb92e0eda32a4c01a1bcedf99263d6067d4cb..3b1281debec8ff610d98c230a376492e11196736
100644
--- a/src/x64/lithium-codegen-x64.cc
+++ b/src/x64/lithium-codegen-x64.cc
@@ -2918,9 +2918,13 @@ void
LCodeGen::DoAccessArgumentsAt(LAccessArgumentsAt* instr) {
instr->index()->IsConstantOperand()) {
int32_t const_index =
ToInteger32(LConstantOperand::cast(instr->index()));
int32_t const_length =
ToInteger32(LConstantOperand::cast(instr->length()));
- StackArgumentsAccessor args(arguments, const_length,
- ARGUMENTS_DONT_CONTAIN_RECEIVER);
- __ movp(result, args.GetArgumentOperand(const_index));
+ if (const_index >= 0 && const_index < const_length) {
+ StackArgumentsAccessor args(arguments, const_length,
+ ARGUMENTS_DONT_CONTAIN_RECEIVER);
+ __ movp(result, args.GetArgumentOperand(const_index));
+ } else if (FLAG_debug_code) {
+ __ Abort(const_index < 0 ? kIndexIsNegative : kIndexIsTooLarge);
+ }
} else {
Register length = ToRegister(instr->length());
// There are two words between the frame pointer and the last argument.
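Review bot: In the new `else if (FLAG_debug_code)` branch, a constant index outside the range 0 to const_length - 1 emits no code at all when FLAG_debug_code is off, so `result` is never written on that path. The review message says the move is guarded by HBoundsCheck at run-time, which would make this path unreachable in generated code, but nothing in the hunk records that dependency. Please add a comment above `if (const_index >= 0 && const_index < const_length) {` stating that the out-of-range case relies on the preceding bounds check, so a later reader does not mistake the empty release-mode path for a missing load.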