[webkit-reviews] review granted: [Bug 182419] Fix broken bounds check in FTL's compileGetMyArgumentByVal(). : [Attachment 332937] proposed patch.

bugzilla-daemon at webkit.org
Thu Feb 1 21:01:19 PST 2018


Saam Barati <sbarati at apple.com> has granted Mark Lam <mark.lam at apple.com>'s
request for review:
Bug 182419: Fix broken bounds check in FTL's compileGetMyArgumentByVal().
https://bugs.webkit.org/show_bug.cgi?id=182419

Attachment 332937: proposed patch.

https://bugs.webkit.org/attachment.cgi?id=332937&action=review




--- Comment #2 from Saam Barati <sbarati at apple.com> ---
Comment on attachment 332937
  --> https://bugs.webkit.org/attachment.cgi?id=332937
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=332937&action=review

r=me

> Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:4023
> +	       CheckValue* check = m_out.speculateAdd(indexToCheck,
m_out.constInt32(m_node->numberOfArgumentsToSkip()));
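
Review bot: On the `speculateAdd` line at FTLLowerDFGToB3.cpp:4023, the quoted context does not show what consumes `check`, so it cannot be confirmed from this line alone that the overflow case of `indexToCheck` plus `numberOfArgumentsToSkip()` leaves the fast path, or that the subsequent bounds comparison uses the result of this checked add rather than a separately computed sum. A short comment on this line stating why the add has to be a checked one would help, as would a regression test that exercises the overflow exit so the bounds check cannot silently regress.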

It’d be great to get a test that triggers this overflow.

