[Webkit-unassigned] [Bug 171278] New: lowerStackArgs: check Arg::addr.isValidForm when falling back to SP offsets

Tue Apr 25 09:49:08 PDT 2017

https://bugs.webkit.org/show_bug.cgi?id=171278

            Bug ID: 171278
           Summary: lowerStackArgs: check Arg::addr.isValidForm when
                    falling back to SP offsets
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: jfbastien at apple.com
                CC: fpizlo at apple.com, jfbastien at apple.com,
                    keith_miller at apple.com, mark.lam at apple.com,
                    msaboff at apple.com, sbarati at apple.com
            Blocks: 170215

lowerStackArgs checks that the FP offsets it tries to generate are valid form, but doesn't check that the fallback is valid form. This leads to stackAddr's assertion being dead, and the MaroAssembler asserting way later on move / add when handed a huge immediate.

Referenced Bugs:

https://bugs.webkit.org/show_bug.cgi?id=170215
[Bug 170215] WebAssembly: Air::Inst::generate crashes on large binary on A64
-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170425/9986b0d1/attachment.html>