Skip to site navigation (Press enter)

[webkit-changes] [133357] trunk/Source/JavaScriptCore

fpizlo Fri, 02 Nov 2012 15:11:15 -0700

Title: [133357] trunk/Source/_javascript_Core

Revision: 133357
Author: [email protected]
Date: 2012-11-02 15:12:40 -0700 (Fri, 02 Nov 2012)

Log Message

JIT::privateCompileGetByVal should use MacroAssemblerCodePtr::createFromExecutableAddress like JIT::privateCompilePutByVal
https://bugs.webkit.org/show_bug.cgi?id=101109


Reviewed by Gavin Barraclough.

This fixes crashes on ARMv7 resulting from the return address already being tagged with the THUMB2 bit.

* jit/JITPropertyAccess.cpp:
(JSC::JIT::privateCompileGetByVal):

Modified Paths

trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (133356 => 133357)


--- trunk/Source/_javascript_Core/ChangeLog	2012-11-02 22:01:49 UTC (rev 133356)
+++ trunk/Source/_javascript_Core/ChangeLog	2012-11-02 22:12:40 UTC (rev 133357)
@@ -1,3 +1,15 @@
+2012-11-02  Filip Pizlo  <[email protected]>
+
+        JIT::privateCompileGetByVal should use MacroAssemblerCodePtr::createFromExecutableAddress like JIT::privateCompilePutByVal
+        https://bugs.webkit.org/show_bug.cgi?id=101109
+
+        Reviewed by Gavin Barraclough.
+
+        This fixes crashes on ARMv7 resulting from the return address already being tagged with the THUMB2 bit.
+
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::privateCompileGetByVal):
+
 2012-11-02  Simon Fraser  <[email protected]>
 
         Enable SUBPIXEL_LAYOUT on Mac

Modified: trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp (133356 => 133357)


--- trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp	2012-11-02 22:01:49 UTC (rev 133356)
+++ trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp	2012-11-02 22:12:40 UTC (rev 133357)
@@ -1404,8 +1404,8 @@
 
     LinkBuffer patchBuffer(*m_globalData, this, m_codeBlock);
     
-    patchBuffer.link(badType, CodeLocationLabel(returnAddress.value()).labelAtOffset(byValInfo->returnAddressToSlowPath));
-    patchBuffer.link(slowCases, CodeLocationLabel(returnAddress.value()).labelAtOffset(byValInfo->returnAddressToSlowPath));
+    patchBuffer.link(badType, CodeLocationLabel(MacroAssemblerCodePtr::createFromExecutableAddress(returnAddress.value())).labelAtOffset(byValInfo->returnAddressToSlowPath));
+    patchBuffer.link(slowCases, CodeLocationLabel(MacroAssemblerCodePtr::createFromExecutableAddress(returnAddress.value())).labelAtOffset(byValInfo->returnAddressToSlowPath));
     
     patchBuffer.link(done, byValInfo->badTypeJump.labelAtOffset(byValInfo->badTypeJumpToDone));

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes