Changeset 165426 in webkit


Timestamp:
Mar 10, 2014 9:06:31 PM (10 years ago)
Author:
mark.lam@apple.com
Message:

Crash on a stack overflow on 32-bit x86 in http/tests/websocket/tests/hybi/workers/no-onmessage-in-sync-op.html.
<https://webkit.org/b/129955>

Reviewed by Geoffrey Garen.

The 32-bit x86 version of getHostCallReturnValue() was leaking 16 bytes
of stack memory every time it was called. This is now fixed.

  • jit/JITOperations.cpp:
Location:
trunk/Source/JavaScriptCore
Files:
2 edited

  • trunk/Source/JavaScriptCore/ChangeLog

    r165424 r165426  
     12014-03-10  Mark Lam  <mark.lam@apple.com>
     2
     3        Crash on a stack overflow on 32-bit x86 in http/tests/websocket/tests/hybi/workers/no-onmessage-in-sync-op.html.
     4        <https://webkit.org/b/129955>
     5
     6        Reviewed by Geoffrey Garen.
     7
     8        The 32-bit x86 version of getHostCallReturnValue() was leaking 16 bytes
     9        stack memory every time it was called.  This is now fixed.
     10
     11        * jit/JITOperations.cpp:
     12
    1132014-03-10  Joseph Pecoraro  <pecoraro@apple.com>
    214
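Review bot: The description on added lines 8-9 gives the symptom (16 bytes leaked per call) but not the cause, so someone reading the ChangeLog alone cannot tell what was wrong with the old sequence. Consider one more sentence stating that the old code set up its stack words and then jumped to getHostCallReturnValueWithExecState, so nothing ever popped them, and that the fix calls the function and unwinds before returning.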
  • trunk/Source/JavaScriptCore/jit/JITOperations.cpp

    r165208 r165426  
    18311831HIDE_SYMBOL(getHostCallReturnValue) "\n"
    18321832SYMBOL_STRING(getHostCallReturnValue) ":" "\n"
    1833     "mov (%esp), %eax\n"
    18341833    "push %ebp\n"
    18351834    "leal -4(%esp), %esp\n"
    18361835    "push %ebp\n"
    1837     "push %eax\n"
    1838     "jmp " LOCAL_REFERENCE(getHostCallReturnValueWithExecState) "\n"
     1836    "call " LOCAL_REFERENCE(getHostCallReturnValueWithExecState) "\n"
     1837    "leal 8(%esp), %esp\n"
     1838    "pop %ebp\n"
     1839    "ret\n"
    18391840);
    18401841
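Review bot: The unwind on added lines 1837-1839 is only correct while it mirrors the setup above it, and nothing in the asm string documents that pairing. "leal 8(%esp), %esp" has to cover both the 4-byte pad from "leal -4(%esp), %esp" and the second "push %ebp" (the argument), while "pop %ebp" pairs with the first push; a short comment above the block giving this stack layout, and the reason for the pad, would keep a later edit from unbalancing it again. A check that the stack pointer is unchanged across a call to getHostCallReturnValue() would also be worth adding, since the old imbalance only surfaced as a stack overflow in a layout test.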