Changeset 90731 in webkit
- Timestamp: Jul 11, 2011 3:31:20 AM (13 years ago)
- Location: trunk/Source/JavaScriptCore
- Files: 2 edited
trunk/Source/JavaScriptCore/ChangeLog
r90688 r90731 1 2011-07-11 Gabor Loki <loki@webkit.org> 2 3 Signed arithmetic bug in dataTransfer32. 4 https://bugs.webkit.org/show_bug.cgi?id=64257 5 6 Reviewed by Zoltan Herczeg. 7 8 An arithmetic bug is fixed. If the offset of dataTransfer is half of the 9 addressable memory space on a 32-bit machine (-2147483648 = 0x80000000) 10 a load instruction is emitted with a wrong zero offset. 11 12 Inspired by Jacob Bramley's patch from JaegerMonkey. 13 14 * assembler/ARMAssembler.cpp: 15 (JSC::ARMAssembler::dataTransfer32): 16 1 17 2011-07-09 Thouraya Andolsi <thouraya.andolsi@st.com> 2 18 -
trunk/Source/JavaScriptCore/assembler/ARMAssembler.cpp
r87527 r90731 277 277 } 278 278 } else { 279 offset = -offset; 280 if (offset <= 0xfff) 281 dtr_d(isLoad, srcDst, base, offset | transferFlag); 282 else if (offset <= 0xfffff) { 283 sub_r(ARMRegisters::S0, base, OP2_IMM | (offset >> 12) | (10 << 8)); 284 dtr_d(isLoad, srcDst, ARMRegisters::S0, (offset & 0xfff) | transferFlag); 279 if (offset >= -0xfff) 280 dtr_d(isLoad, srcDst, base, -offset | transferFlag); 281 else if (offset >= -0xfffff) { 282 sub_r(ARMRegisters::S0, base, OP2_IMM | (-offset >> 12) | (10 << 8)); 283 dtr_d(isLoad, srcDst, ARMRegisters::S0, (-offset & 0xfff) | transferFlag); 285 284 } else { 286 285 moveImm(offset, ARMRegisters::S0); 287 dtr_ dr(isLoad, srcDst, base, ARMRegisters::S0 | transferFlag);286 dtr_ur(isLoad, srcDst, base, ARMRegisters::S0 | transferFlag); 288 287 } 289 288 }
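Review bot: In the final else branch of dataTransfer32, replacing dtr_dr with dtr_ur is only correct because moveImm(offset, ARMRegisters::S0) now loads the still-negative offset (the "offset = -offset;" line is gone), so the register has to be added to the base rather than subtracted. Neither the code nor the ChangeLog entry says this, and a later reader could easily change it back; a one-line comment at that call stating that S0 holds the negative offset would make the intent explicit. The two middle branches now negate at each use ("-offset >> 12", "-offset & 0xfff"), which is safe because both are guarded by "offset >= -0xfffff", but writing (-offset) with parentheses would make the precedence obvious. The changeset edits only the ChangeLog and ARMAssembler.cpp, so a regression test that exercises an offset of -2147483648 (0x80000000), the case described in the ChangeLog, would be worth adding.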