Changeset 110443 in webkit


Timestamp:
Mar 12, 2012 10:31:26 AM (12 years ago)
Author:
commit-queue@webkit.org
Message:

Integer overflow check code in arithmetic operation in classic interpreter
https://bugs.webkit.org/show_bug.cgi?id=80465

Patch by SangGyu Lee <sg5.lee@samsung.com> on 2012-03-12
Reviewed by Gavin Barraclough.

  • interpreter/Interpreter.cpp:

(JSC::Interpreter::privateExecute):

Location:
trunk/Source/JavaScriptCore
Files:
2 edited

  • trunk/Source/JavaScriptCore/ChangeLog

    r110430 r110443  
     12012-03-12  SangGyu Lee  <sg5.lee@samsung.com>
     2
     3        Integer overflow check code in arithmetic operation in classic interpreter
     4        https://bugs.webkit.org/show_bug.cgi?id=80465
     5
     6        Reviewed by Gavin Barraclough.
     7
     8        * interpreter/Interpreter.cpp:
     9        (JSC::Interpreter::privateExecute):
     10
    1112012-03-12  Zeno Albisser  <zeno@webkit.org>
    212
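Review bot: the new ChangeLog entry (new lines 1-9) carries only the bug title, link, reviewer and file list, with no sentence saying what was wrong with the old overflow checks. Suggest adding a short description, for example that the removed conditions applied the mask or shift to src2 only, so a reader of the log can tell that this changes which operands reach the int32 fast path.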
  • trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp

    r109866 r110443  
    23532353        JSValue src1 = callFrame->r(vPC[2].u.operand).jsValue();
    23542354        JSValue src2 = callFrame->r(vPC[3].u.operand).jsValue();
    2355         if (src1.isInt32() && src2.isInt32() && !(src1.asInt32() | (src2.asInt32() & 0xc0000000))) // no overflow
     2355        if (src1.isInt32() && src2.isInt32() && !((src1.asInt32() | src2.asInt32()) & 0xc0000000)) // no overflow
    23562356            callFrame->uncheckedR(dst) = jsNumber(src1.asInt32() + src2.asInt32());
    23572357        else {
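Review bot: the trailing comment on new line 2355 still says only "no overflow" and does not document what the mask admits. (src1.asInt32() | src2.asInt32()) & 0xc0000000 is zero only when both operands are non-negative and below 2^30, which is why the sum fits in int32; the removed form masked src2 alone, so it held only when src1 was 0. Suggest spelling that range out in the comment and adding a regression test around the 0x3fffffff / 0x40000000 boundary, since this changeset edits only ChangeLog and Interpreter.cpp.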
     
    23722372        JSValue src1 = callFrame->r(vPC[2].u.operand).jsValue();
    23732373        JSValue src2 = callFrame->r(vPC[3].u.operand).jsValue();
    2374         if (src1.isInt32() && src2.isInt32() && !(src1.asInt32() | src2.asInt32() >> 15)) // no overflow
     2374        if (src1.isInt32() && src2.isInt32() && !(src1.asInt32() | src2.asInt32()) >> 15) // no overflow
    23752375                callFrame->uncheckedR(dst) = jsNumber(src1.asInt32() * src2.asInt32());
    23762376        else {
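Review bot: logic problem on new line 2374: the closing parenthesis is in the wrong place, so the ! applies to (src1.asInt32() | src2.asInt32()) before the shift. The result of ! is 0 or 1, and shifting that right by 15 always gives 0, so the condition is never true and every multiplication takes the else branch. That is safe with respect to overflow but leaves the int32 fast path dead. The intended check is presumably !((src1.asInt32() | src2.asInt32()) >> 15), which holds only when both operands are in [0, 2^15) and so keeps the product below 2^30.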
     
    24402440        JSValue src1 = callFrame->r(vPC[2].u.operand).jsValue();
    24412441        JSValue src2 = callFrame->r(vPC[3].u.operand).jsValue();
    2442         if (src1.isInt32() && src2.isInt32() && !(src1.asInt32() | (src2.asInt32() & 0xc0000000))) // no overflow
     2442        if (src1.isInt32() && src2.isInt32() && !((src1.asInt32() | src2.asInt32()) & 0xc0000000)) // no overflow
    24432443            callFrame->uncheckedR(dst) = jsNumber(src1.asInt32() - src2.asInt32());
    24442444        else {
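Review bot: on new line 2442 the mask is copied from the addition case, but subtraction needs less: the difference of two non-negative int32 values cannot overflow, so testing the sign bit alone, (src1.asInt32() | src2.asInt32()) & 0x80000000, would be sufficient and would keep operands in [2^30, 2^31) on the fast path. If 0xc0000000 is kept for symmetry with the add case, say so in the comment, and consider a shared helper, since the same expression now appears in both places.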