171278 – lowerStackArgs: check Arg::addr.isValidForm when falling back to SP offsets

RESOLVED FIXED 171278

lowerStackArgs: check Arg::addr.isValidForm when falling back to SP offsets

https://bugs.webkit.org/show_bug.cgi?id=171278

Summary lowerStackArgs: check Arg::addr.isValidForm when falling back to SP offsets

JF Bastien

Reported 2017-04-25 09:49:08 PDT

lowerStackArgs checks that the FP offsets it tries to generate are valid form, but doesn't check that the fallback is valid form. This leads to stackAddr's assertion being dead, and the MaroAssembler asserting way later on move / add when handed a huge immediate.

Attachments
patch (1.88 KB, patch) 2017-04-25 09:51 PDT, JF Bastien	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

JF Bastien

Comment 1 2017-04-25 09:51:44 PDT

Created attachment 308108 [details] patch

WebKit Commit Bot

Comment 2 2017-04-25 10:36:05 PDT

Comment on attachment 308108 [details] patch Clearing flags on attachment: 308108 Committed r215743: <http://trac.webkit.org/changeset/215743>

WebKit Commit Bot

Comment 3 2017-04-25 10:36:06 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

JF Bastien

Reported

2017-04-25 09:49 PDT

Modified

2017-04-25 10:36 PDT History

CC List

7 users Show

URL

Keywords

Depends on

Blocks

170215

Dependencies

tree graph