Title: [223435] branches/safari-604.3.5.2-branch/Source/_javascript_Core
Revision
223435
Author
[email protected]
Date
2017-10-16 13:50:23 -0700 (Mon, 16 Oct 2017)

Log Message

Cherry-pick r222417. rdar://problem/35010838

Modified Paths

Diff

Modified: branches/safari-604.3.5.2-branch/Source/_javascript_Core/ChangeLog (223434 => 223435)


--- branches/safari-604.3.5.2-branch/Source/_javascript_Core/ChangeLog	2017-10-16 20:50:21 UTC (rev 223434)
+++ branches/safari-604.3.5.2-branch/Source/_javascript_Core/ChangeLog	2017-10-16 20:50:23 UTC (rev 223435)
@@ -1,3 +1,22 @@
+2017-10-16  Jason Marcell  <[email protected]>
+
+        Cherry-pick r222417. rdar://problem/35010838
+
+    2017-09-22  Fujii Hironori  <[email protected]>
+
+            [Win64] Crashes in Yarr JIT compiled code
+            https://bugs.webkit.org/show_bug.cgi?id=177293
+
+            Reviewed by Yusuke Suzuki.
+
+            In x64 Windows, rcx register is used for the address of allocated
+            space for the return value. But, rcx is used for regT1 since
+            r221052. Save rcx in the stack.
+
+            * yarr/YarrJIT.cpp:
+            (JSC::Yarr::YarrGenerator::generateEnter): Push ecx.
+            (JSC::Yarr::YarrGenerator::generateReturn): Pop ecx.
+
 2017-09-12  Jason Marcell  <[email protected]>
 
         Cherry-pick r221711. rdar://problem/34404472
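Review bot: The nested entry says "Push ecx" / "Pop ecx" while the description above it talks about rcx; X86Registers::ecx names the full 64-bit rcx in x64 JIT code, but a reader of the ChangeLog alone could take "ecx" to mean only the low 32 bits are saved. Suggest wording the two function notes as "Push rcx (X86Registers::ecx)" and "Pop rcx (X86Registers::ecx)", and stating in the description that rcx holds the hidden return-buffer address because the two result words (returnRegister and returnRegister2) are written to memory on Win64 rather than returned in registers.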

Modified: branches/safari-604.3.5.2-branch/Source/_javascript_Core/yarr/YarrJIT.cpp (223434 => 223435)


--- branches/safari-604.3.5.2-branch/Source/_javascript_Core/yarr/YarrJIT.cpp	2017-10-16 20:50:21 UTC (rev 223434)
+++ branches/safari-604.3.5.2-branch/Source/_javascript_Core/yarr/YarrJIT.cpp	2017-10-16 20:50:23 UTC (rev 223435)
@@ -2602,6 +2602,8 @@
 #if OS(WINDOWS)
         if (compileMode == IncludeSubpatterns)
             loadPtr(Address(X86Registers::ebp, 6 * sizeof(void*)), output);
+        // rcx is the pointer to the allocated space for result in x64 Windows.
+        push(X86Registers::ecx);
 #endif
 #elif CPU(X86)
         push(X86Registers::ebp);
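Review bot: The new push(X86Registers::ecx) is correctly placed after the rbp-relative load of `output` (the push moves rsp, not rbp, so that load is unaffected), but nothing records that it must stay the last push in generateEnter so the matching pop in generateReturn finds it at the top of the stack. Suggest extending the comment to `// rcx is the pointer to the allocated space for result in x64 Windows; saved here, restored by generateReturn.` Separately, one extra 8-byte push changes the stack alignment relative to entry; if any generated code between enter and return emits a call under the Win64 ABI, confirm those call sites are still 16-byte aligned.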
@@ -2643,6 +2645,7 @@
 #if CPU(X86_64)
 #if OS(WINDOWS)
         // Store the return value in the allocated space pointed by rcx.
+        pop(X86Registers::ecx);
         store64(returnRegister, Address(X86Registers::ecx));
         store64(returnRegister2, Address(X86Registers::ecx, sizeof(void*)));
         move(X86Registers::ecx, returnRegister);
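Review bot: The pop(X86Registers::ecx) placed directly before the stores assumes rsp on entry to generateReturn is exactly where generateEnter left it after its push, i.e. every exit from the matcher funnels through this path with nothing else still pending on the stack; it also relies on returnRegister and returnRegister2 not being rcx, since the pop would otherwise clobber a result before it is stored. Suggest the comment on the line above say that rcx was pushed in generateEnter and is restored here, and note that the pop must precede the `move(X86Registers::ecx, returnRegister)` that hands the buffer address back in the return register as the Win64 ABI requires.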
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
