[Webkit-unassigned] [Bug 20340] SegmentedVector segment allocations can lead to unsafe use of temporary registers

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Aug 10 04:49:14 PDT 2008


https://bugs.webkit.org/show_bug.cgi?id=20340





------- Comment #1 from cwzwarich at uwaterloo.ca  2008-08-10 04:49 PDT -------
The natural fix for this isn't very hard, but it is a bit ugly. In any correct
emitCode() method, we will only have one unref'd temporary by the returning
call to emit an opcode. Otherwise, there is an even worse correctness issue. In
this case, the call to generator.finalDestination() can either take a second
argument or leave it blank.

If it is left blank, then we could simply pass the unref'd temporary as the
second argument.

If there is an argument, then it is either the temporary in question (in which
case we are okay) or a ref'd register, which might not be a temporary. In this
case, it seems we could just replace the second argument with our unref'd
temporary and we'd be okay.

This should work, but the style seems sub-optimal.

