WebKit Bugzilla
Attachment 370900 Details for Bug 198355: oss-fuzz: jsc: Issue 15016: jsc: Abrt in JSC::Wasm::AirIRGenerator::addLocal (15016)
Patch: bug-198355-20190529170553.patch (text/plain), 2.71 KB, created by Justin Michaud on 2019-05-29 17:05:53 PDT
Description:
Patch
>Subversion Revision: 245878 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index c89b5047dc7360522708d7f5eea5b1786a4d6185..af258c7ac2517ad810ee22d02b4c41998be55bbe 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog >@@ -1,3 +1,15 @@ >+2019-05-29 Justin Michaud <justin_michaud@apple.com> >+ >+ oss-fuzz: jsc: Issue 15016: jsc: Abrt in JSC::Wasm::AirIRGenerator::addLocal (15016) >+ https://bugs.webkit.org/show_bug.cgi?id=198355 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Fix missing anyref case in addLocal. >+ >+ * wasm/WasmAirIRGenerator.cpp: >+ (JSC::Wasm::AirIRGenerator::addLocal): >+ > 2019-05-29 Don Olmstead <don.olmstead@sony.com> > > Remove ENABLE definitions from WebKit config files >diff --git a/Source/JavaScriptCore/wasm/WasmAirIRGenerator.cpp b/Source/JavaScriptCore/wasm/WasmAirIRGenerator.cpp >index ce524dfde94530e120abc8da79153d01f158029e..3f51d0b0fc42797341e864f807d527fc2446c0c1 100644 >--- a/Source/JavaScriptCore/wasm/WasmAirIRGenerator.cpp >+++ b/Source/JavaScriptCore/wasm/WasmAirIRGenerator.cpp >@@ -879,6 +879,9 @@ auto AirIRGenerator::addLocal(Type type, uint32_t count) -> PartialResult > auto local = tmpForType(type); > m_locals.uncheckedAppend(local); > switch (type) { >+ case Type::Anyref: >+ append(Move, Arg::imm(JSValue::encode(jsNull())), local); >+ break; > case Type::I32: > case Type::I64: { > append(Xor64, local, local); >diff --git a/JSTests/ChangeLog b/JSTests/ChangeLog >index c2f72e89661e2d6a368a5a5fbf243b4d0e5fa10c..7b2a9a26aea07be682e1f5bddf8cae728252b049 100644 >--- a/JSTests/ChangeLog >+++ b/JSTests/ChangeLog >@@ -1,3 +1,12 @@ >+2019-05-29 Justin Michaud <justin_michaud@apple.com> >+ >+ oss-fuzz: jsc: Issue 15016: jsc: Abrt in JSC::Wasm::AirIRGenerator::addLocal (15016) >+ https://bugs.webkit.org/show_bug.cgi?id=198355 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * wasm/references/is_null.js: >+ > 2019-05-28 Dean Jackson <dino@apple.com> > > Implement Promise.allSettled 
>diff --git a/JSTests/wasm/references/is_null.js b/JSTests/wasm/references/is_null.js >index 52bcbf36a78259e1ba8fe4b50b18ce88c3024dfb..4adc0ede00d46e545b29567c6022277b7ae1e143 100644 >--- a/JSTests/wasm/references/is_null.js >+++ b/JSTests/wasm/references/is_null.js >@@ -11,8 +11,10 @@ const builder = (new Builder()) > .Function("k") > .End() > .Code() >- .Function("h", { params: ["anyref"], ret: "anyref" }) >+ .Function("h", { params: ["anyref"], ret: "anyref" }, ["anyref"]) > .GetLocal(0) >+ .SetLocal(1) >+ .GetLocal(1) > .End() > > .Function("i", { params: [], ret: "anyref" })
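Review bot: In the WasmAirIRGenerator.cpp hunk, the new `case Type::Anyref:` in `AirIRGenerator::addLocal` carries no comment explaining why it initializes the local differently from the `I32`/`I64` case right below it, which zeroes with `append(Xor64, local, local);`. A one-line comment saying that anyref locals start as the encoded `jsNull()` rather than as zero bits would make the intent clear to whoever adds the next type to this switch. It is also worth confirming that `Arg::imm(JSValue::encode(jsNull()))` is a valid immediate operand for `Move` on every target this generator supports.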
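Review bot: In the is_null.js hunk, function "h" overwrites its new anyref local with `.SetLocal(1)` before `.GetLocal(1)` reads it, so the test never observes the default value that the new `addLocal` case writes. As written it checks that declaring an anyref local compiles without aborting, but a wrong initial value would still pass. Consider adding a function that declares an anyref local and returns it via `GetLocal` with no preceding `SetLocal`, and asserting that the result is null.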
Attachments on bug 198355: 370900 | 370911 | 370914 | 370925 | 370950