Changeset 122208 in webkit

Timestamp:

Jul 10, 2012 2:36:13 AM (12 years ago)

Author:

Csaba Osztrogonác

Message:

REGRESSION(r122166): It made 170 tests crash on 32 bit platforms
​https://bugs.webkit.org/show_bug.cgi?id=90852

Patch by Filip Pizlo <​fpizlo@apple.com> on 2012-07-10
Reviewed by Zoltan Herczeg.

If we can't use the range filter, we should still make sure that the
address is remotely sane, otherwise the hashtables will assert.

• jit/JITStubRoutine.h:

(JSC::JITStubRoutine::passesFilter):

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• jit/JITStubRoutine.h (modified) (1 diff)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2012-07-10  Filip Pizlo  <fpizlo@apple.com>
+
+        REGRESSION(r122166): It made 170 tests crash on 32 bit platforms
+        https://bugs.webkit.org/show_bug.cgi?id=90852
+
+        Reviewed by Zoltan Herczeg.
+        
+        If we can't use the range filter, we should still make sure that the
+        address is remotely sane, otherwise the hashtables will assert.
+
+        * jit/JITStubRoutine.h:
+        (JSC::JITStubRoutine::passesFilter):
+
 2012-07-10  Filip Pizlo  <fpizlo@apple.com>
 

trunk/Source/JavaScriptCore/jit/JITStubRoutine.h

@@ -131 +131 @@
     static bool passesFilter(uintptr_t address)
     {
-        if (!canPerformRangeFilter())
-            return true;
+        if (!canPerformRangeFilter()) {
+            // Just check that the address doesn't use any special values that would make
+            // our hashtables upset.
+            return address >= jitAllocationGranule && address != std::numeric_limits<uintptr_t>::max();
+        }
         
         if (address - filteringStartAddress() >= filteringExtentSize())