Changeset 195502 in webkit


Timestamp:
Jan 22, 2016 6:10:17 PM (8 years ago)
Author:
sbarati@apple.com
Message:

genericUnwind might overflow the instructions() vector when catching an FTL exception
https://bugs.webkit.org/show_bug.cgi?id=153383

Reviewed by Benjamin Poulain.

  • jit/JITExceptions.cpp:

(JSC::genericUnwind):

Location:
trunk/Source/JavaScriptCore
Files:
2 edited

  • trunk/Source/JavaScriptCore/ChangeLog

    r195488 r195502  
     12016-01-22  Saam barati  <sbarati@apple.com>
     2
     3        genericUnwind might overflow the instructions() vector when catching an FTL exception
     4        https://bugs.webkit.org/show_bug.cgi?id=153383
     5
     6        Reviewed by Benjamin Poulain.
     7
     8        * jit/JITExceptions.cpp:
     9        (JSC::genericUnwind):
     10
    1112016-01-22  Mark Lam  <mark.lam@apple.com>
    212
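Review bot: the ChangeLog entry lists only jit/JITExceptions.cpp and no test, yet the defect it fixes is an out-of-bounds index into instructions() on the catch path of an FTL frame, which stays silent unless something exercises that path. Consider adding a regression test that throws into a catch handler from an FTL-compiled function (or state in the entry which existing test already covers this) so the fix does not quietly regress if the tier check changes again.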
  • trunk/Source/JavaScriptCore/jit/JITExceptions.cpp

    r191455 r195502  
    5959    if (handler) {
    6060        // handler->target is meaningless for getting a code offset when catching
    61         // the exception in a DFG frame. This bytecode target offset could be
     61        // the exception in a DFG/FTL frame. This bytecode target offset could be
    6262        // something that's in an inlined frame, which means an array access
    6363        // with this bytecode offset in the machine frame is utterly meaningless
    6464        // and can cause an overflow. OSR exit properly exits to handler->target
    6565        // in the proper frame.
    66         if (callFrame->codeBlock()->jitType() != JITCode::DFGJIT)
     66        if (!JITCode::isOptimizingJIT(callFrame->codeBlock()->jitType()))
    6767            catchPCForInterpreter = &callFrame->codeBlock()->instructions()[handler->target];
    6868#if ENABLE(JIT)
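Review bot: the new guard on line 66 is the right fix: the old `!= JITCode::DFGJIT` test let FTL frames through to `instructions()[handler->target]`, while `JITCode::isOptimizingJIT(...)` excludes both optimizing tiers, so the bytecode-offset lookup now only happens for a code block the offset actually belongs to. Because the failure mode is a read past the end of the instruction vector, consider also guarding line 67 with an assertion such as `ASSERT(handler->target < callFrame->codeBlock()->instructions().size())` so that any future tier that slips past this check fails loudly instead of silently reading out of bounds.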