[Webkit-unassigned] [Bug 137955] Crashes in WinCairo 64-bit
bugzilla-daemon at webkit.org
Wed Dec 3 11:04:18 PST 2014
https://bugs.webkit.org/show_bug.cgi?id=137955
--- Comment #3 from peavo at outlook.com ---
This is a long shot, but I've noticed that a stack allocation for parameters is missing in CallEdgeProfile.cpp:
Index: bytecode/CallEdgeProfile.cpp
===================================================================
--- bytecode/CallEdgeProfile.cpp (revision 176518)
+++ bytecode/CallEdgeProfile.cpp (working copy)
@@ -310,9 +310,15 @@
jit.subPtr(CCallHelpers::TrustedImm32(stackAlignmentBytes()), CCallHelpers::stackPointerRegister);
jit.storeValue(calleeRegs, CCallHelpers::Address(CCallHelpers::stackPointerRegister, sizeof(JSValue)));
+#if OS(WINDOWS) && CPU(X86_64)
+ jit.sub64(CCallHelpers::TrustedImm32(4 * sizeof(int64_t)), X86Registers::esp);
+#endif
jit.setupArguments(CCallHelpers::TrustedImmPtr(this));
jit.move(CCallHelpers::TrustedImmPtr(bitwise_cast<void*>(operationProcessCallEdgeLog)), GPRInfo::nonArgGPR0);
jit.call(GPRInfo::nonArgGPR0);
+#if OS(WINDOWS) && CPU(X86_64)
+ jit.add64(CCallHelpers::TrustedImm32(4 * sizeof(int64_t)), X86Registers::esp);
+#endif
jit.loadValue(CCallHelpers::Address(CCallHelpers::stackPointerRegister, sizeof(JSValue)), calleeRegs);
jit.addPtr(CCallHelpers::TrustedImm32(stackAlignmentBytes()), CCallHelpers::stackPointerRegister);
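Review bot: The added adjustment operates on X86Registers::esp with sub64/add64, while the subPtr/addPtr lines immediately around it operate on CCallHelpers::stackPointerRegister; use the same register and the same pointer-width helpers so the stack discipline in this function reads as one thing, e.g. `jit.subPtr(CCallHelpers::TrustedImm32(4 * sizeof(int64_t)), CCallHelpers::stackPointerRegister);` and the matching addPtr after the call. The `#if OS(WINDOWS) && CPU(X86_64)` block also deserves a one-line comment explaining that 4 * sizeof(int64_t) is the 32-byte home ("shadow") space the Win64 calling convention requires the caller to reserve for the four register parameters, since the bare arithmetic does not say why; that 32 bytes preserves the 16-byte alignment established by stackAlignmentBytes(), and because the add restores the pointer before the loadValue at Address(stackPointerRegister, sizeof(JSValue)), the saved calleeRegs slot is still read from the right place.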