Skip to site navigation (Press enter)

[webkit-changes] [165426] trunk/Source/JavaScriptCore

mark . lam Mon, 10 Mar 2014 21:01:31 -0700

Title: [165426] trunk/Source/_javascript_Core

Revision: 165426
Author: [email protected]
Date: 2014-03-10 21:06:31 -0700 (Mon, 10 Mar 2014)

Log Message

Crash on a stack overflow on 32-bit x86 in http/tests/websocket/tests/hybi/workers/no-onmessage-in-sync-op.html.
<https://webkit.org/b/129955>


Reviewed by Geoffrey Garen.

The 32-bit x86 version of getHostCallReturnValue() was leaking 16 bytes
stack memory every time it was called.  This is now fixed.

* jit/JITOperations.cpp:

Modified Paths

trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/jit/JITOperations.cpp

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (165425 => 165426)


--- trunk/Source/_javascript_Core/ChangeLog	2014-03-11 03:08:01 UTC (rev 165425)
+++ trunk/Source/_javascript_Core/ChangeLog	2014-03-11 04:06:31 UTC (rev 165426)
@@ -1,3 +1,15 @@
+2014-03-10  Mark Lam  <[email protected]>
+
+        Crash on a stack overflow on 32-bit x86 in http/tests/websocket/tests/hybi/workers/no-onmessage-in-sync-op.html.
+        <https://webkit.org/b/129955>
+
+        Reviewed by Geoffrey Garen.
+
+        The 32-bit x86 version of getHostCallReturnValue() was leaking 16 bytes
+        stack memory every time it was called.  This is now fixed.
+
+        * jit/JITOperations.cpp:
+
 2014-03-10  Joseph Pecoraro  <[email protected]>
 
         Better JSContext API for named evaluations (other than //# sourceURL)

Modified: trunk/Source/_javascript_Core/jit/JITOperations.cpp (165425 => 165426)


--- trunk/Source/_javascript_Core/jit/JITOperations.cpp	2014-03-11 03:08:01 UTC (rev 165425)
+++ trunk/Source/_javascript_Core/jit/JITOperations.cpp	2014-03-11 04:06:31 UTC (rev 165426)
@@ -1830,12 +1830,13 @@
 ".globl " SYMBOL_STRING(getHostCallReturnValue) "\n"
 HIDE_SYMBOL(getHostCallReturnValue) "\n"
 SYMBOL_STRING(getHostCallReturnValue) ":" "\n"
-    "mov (%esp), %eax\n"
     "push %ebp\n"
     "leal -4(%esp), %esp\n"
     "push %ebp\n"
-    "push %eax\n"
-    "jmp " LOCAL_REFERENCE(getHostCallReturnValueWithExecState) "\n"
+    "call " LOCAL_REFERENCE(getHostCallReturnValueWithExecState) "\n"
+    "leal 8(%esp), %esp\n"
+    "pop %ebp\n"
+    "ret\n"
 );
 
 #elif COMPILER(GCC) && CPU(ARM_THUMB2)

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes