Bug 171278

Summary: lowerStackArgs: check Arg::addr.isValidForm when falling back to SP offsets
Product: WebKit
Reporter: JF Bastien <jfbastien>
Component: JavaScriptCore
Assignee: JF Bastien <jfbastien>
Status: RESOLVED FIXED
Severity: Normal
CC: commit-queue, fpizlo, jfbastien, keith_miller, mark.lam, msaboff, saam
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 170215    
Attachments:
Description Flags
patch none

JF Bastien
Reported 2017-04-25 09:49:08 PDT
lowerStackArgs checks that the FP offsets it tries to generate are valid form, but doesn't check that the fallback is valid form. This leads to stackAddr's assertion being dead, and the MacroAssembler asserting way later on move / add when handed a huge immediate.
Attachments
patch (1.88 KB, patch)
2017-04-25 09:51 PDT, JF Bastien
no flags
JF Bastien
Comment 1 2017-04-25 09:51:44 PDT
WebKit Commit Bot
Comment 2 2017-04-25 10:36:05 PDT
Comment on attachment 308108
patch

Clearing flags on attachment: 308108

Committed r215743: <http://trac.webkit.org/changeset/215743>
WebKit Commit Bot
Comment 3 2017-04-25 10:36:06 PDT
All reviewed patches have been landed. Closing bug.