Title: [269088] branches/safari-610-branch/Source/_javascript_Core
- Revision
- 269088
- Author
- [email protected]
- Date
- 2020-10-27 18:42:54 -0700 (Tue, 27 Oct 2020)
Log Message
Cherry-pick r269016. rdar://problem/70733329
Validate addresses returned by LinkBuffer::locationOf
https://bugs.webkit.org/show_bug.cgi?id=217786
<rdar://problem/69887913>
Reviewed by Saam Barati.
* assembler/LinkBuffer.h:
(JSC::LinkBuffer::locationOf):
(JSC::LinkBuffer::locationOfNearCall):
(JSC::LinkBuffer::getLinkerAddress):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269016 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Modified: branches/safari-610-branch/Source/_javascript_Core/ChangeLog (269087 => 269088)
--- branches/safari-610-branch/Source/_javascript_Core/ChangeLog 2020-10-28 01:42:52 UTC (rev 269087)
+++ branches/safari-610-branch/Source/_javascript_Core/ChangeLog 2020-10-28 01:42:54 UTC (rev 269088)
@@ -1,3 +1,33 @@
+2020-10-27 Russell Epstein <[email protected]>
+
+ Cherry-pick r269016. rdar://problem/70733329
+
+ Validate addresses returned by LinkBuffer::locationOf
+ https://bugs.webkit.org/show_bug.cgi?id=217786
+ <rdar://problem/69887913>
+
+ Reviewed by Saam Barati.
+
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::locationOf):
+ (JSC::LinkBuffer::locationOfNearCall):
+ (JSC::LinkBuffer::getLinkerAddress):
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269016 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2020-10-15 Tadeu Zagallo <[email protected]>
+
+ Validate addresses returned by LinkBuffer::locationOf
+ https://bugs.webkit.org/show_bug.cgi?id=217786
+ <rdar://problem/69887913>
+
+ Reviewed by Saam Barati.
+
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::locationOf):
+ (JSC::LinkBuffer::locationOfNearCall):
+ (JSC::LinkBuffer::getLinkerAddress):
+
2020-10-14 Alan Coon <[email protected]>
Cherry-pick r268371. rdar://problem/70267767
Modified: branches/safari-610-branch/Source/_javascript_Core/assembler/LinkBuffer.h (269087 => 269088)
--- branches/safari-610-branch/Source/_javascript_Core/assembler/LinkBuffer.h 2020-10-28 01:42:52 UTC (rev 269087)
+++ branches/safari-610-branch/Source/_javascript_Core/assembler/LinkBuffer.h 2020-10-28 01:42:54 UTC (rev 269088)
@@ -195,7 +195,7 @@
{
ASSERT(call.isFlagSet(Call::Linkable));
ASSERT(!call.isFlagSet(Call::Near));
- return CodeLocationCall<tag>(MacroAssembler::getLinkerAddress<tag>(code(), applyOffset(call.m_label)));
+ return CodeLocationCall<tag>(getLinkerAddress<tag>(applyOffset(call.m_label)));
}
template<PtrTag tag>
@@ -203,7 +203,7 @@
{
ASSERT(call.isFlagSet(Call::Linkable));
ASSERT(call.isFlagSet(Call::Near));
- return CodeLocationNearCall<tag>(MacroAssembler::getLinkerAddress<tag>(code(), applyOffset(call.m_label)),
+ return CodeLocationNearCall<tag>(getLinkerAddress<tag>(applyOffset(call.m_label)),
call.isFlagSet(Call::Tail) ? NearCallMode::Tail : NearCallMode::Regular);
}
@@ -210,37 +210,37 @@
template<PtrTag tag>
CodeLocationLabel<tag> locationOf(PatchableJump jump)
{
- return CodeLocationLabel<tag>(MacroAssembler::getLinkerAddress<tag>(code(), applyOffset(jump.m_jump.m_label)));
+ return CodeLocationLabel<tag>(getLinkerAddress<tag>(applyOffset(jump.m_jump.m_label)));
}
template<PtrTag tag>
CodeLocationLabel<tag> locationOf(Label label)
{
- return CodeLocationLabel<tag>(MacroAssembler::getLinkerAddress<tag>(code(), applyOffset(label.m_label)));
+ return CodeLocationLabel<tag>(getLinkerAddress<tag>(applyOffset(label.m_label)));
}
template<PtrTag tag>
CodeLocationDataLabelPtr<tag> locationOf(DataLabelPtr label)
{
- return CodeLocationDataLabelPtr<tag>(MacroAssembler::getLinkerAddress<tag>(code(), applyOffset(label.m_label)));
+ return CodeLocationDataLabelPtr<tag>(getLinkerAddress<tag>(applyOffset(label.m_label)));
}
template<PtrTag tag>
CodeLocationDataLabel32<tag> locationOf(DataLabel32 label)
{
- return CodeLocationDataLabel32<tag>(MacroAssembler::getLinkerAddress<tag>(code(), applyOffset(label.m_label)));
+ return CodeLocationDataLabel32<tag>(getLinkerAddress<tag>(applyOffset(label.m_label)));
}
template<PtrTag tag>
CodeLocationDataLabelCompact<tag> locationOf(DataLabelCompact label)
{
- return CodeLocationDataLabelCompact<tag>(MacroAssembler::getLinkerAddress<tag>(code(), applyOffset(label.m_label)));
+ return CodeLocationDataLabelCompact<tag>(getLinkerAddress<tag>(applyOffset(label.m_label)));
}
template<PtrTag tag>
CodeLocationConvertibleLoad<tag> locationOf(ConvertibleLoadLabel label)
{
- return CodeLocationConvertibleLoad<tag>(MacroAssembler::getLinkerAddress<tag>(code(), applyOffset(label.m_label)));
+ return CodeLocationConvertibleLoad<tag>(getLinkerAddress<tag>(applyOffset(label.m_label)));
}
// This method obtains the return address of the call, given as an offset from
@@ -331,6 +331,15 @@
void allocate(MacroAssembler&, JITCompilationEffort);
+ template<PtrTag tag, typename T>
+ void* getLinkerAddress(T src)
+ {
+ void *code = this->code();
+ void* address = MacroAssembler::getLinkerAddress<tag>(code, src);
+ RELEASE_ASSERT(code <= untagCodePtr<tag>(address) && untagCodePtr<tag>(address) <= static_cast<char*>(code) + size());
+ return address;
+ }
+
JS_EXPORT_PRIVATE void linkCode(MacroAssembler&, JITCompilationEffort);
#if ENABLE(BRANCH_COMPACTION)
template <typename InstructionType>
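Review bot: The upper bound in the new getLinkerAddress's RELEASE_ASSERT is inclusive (`untagCodePtr<tag>(address) <= static_cast<char*>(code) + size()`), so an address exactly one past the end of the buffer passes; that is presumably deliberate so a Label at the very end of the emitted code still resolves, but for the data-label callers above (DataLabelPtr, DataLabel32, ConvertibleLoad) an address at that boundary would be patched past the region, and whether the assembler can ever produce one is not visible from this hunk, so it is worth confirming or tightening to `<` for those overloads. Untagging the pointer twice is also avoidable: `auto untagged = untagCodePtr<tag>(address);` followed by `RELEASE_ASSERT(code <= untagged && untagged <= static_cast<char*>(code) + size());`. A one-line comment stating the intent would help the next reader, e.g. `// Hardening: reject any linker address outside [code(), code() + size()] before a caller uses it to patch code.` The enclosing LinkBuffer class starts and ends outside the hunk.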