[Webkit-unassigned] [Bug 230241] Fix crash in 32 bits due to not enough scratch registers available
bugzilla-daemon at webkit.org
Mon Sep 13 18:22:27 PDT 2021
https://bugs.webkit.org/show_bug.cgi?id=230241
--- Comment #3 from Mikhail R. Gadelha <mikhail at igalia.com> ---
I was reading the code in AccessCode.cpp and noticed that there is a check for whether there are enough registers available in AccessCase::createTransition before calling the code that triggers the error, so maybe the best fix is to improve AccessCase::createTransition so it doesn't allow the fast path if there aren't enough registers available?
Currently the check is:

    // Skip optimizing the case where we need a realloc, if we don't have
    // enough registers to make it happen.
    if (GPRInfo::numberOfRegisters < 6
        && oldStructure->outOfLineCapacity() != newStructure->outOfLineCapacity()
        && oldStructure->outOfLineCapacity()) {
        return nullptr;
    }

Maybe change it to allocator.numberOfSetRegisters()? We don't have any allocator there yet though.
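As an added illustration (not JSC's code and not the commenter's own) of the difference between the static register-count guard quoted above and an allocator-aware guard of the kind the comment proposes: the allocator model, the number of scratch registers a realloc is assumed to need, and all register counts below are constructed assumptions.

```cpp
#include <cstddef>
#include <vector>

// Constructed model of the decision discussed in the comment (not JSC code).
struct Structure { size_t outOfLineCapacity; };

// Tracks which GPRs the caller already holds live and which remain usable as scratch.
class ScratchRegisterAllocator {
public:
    explicit ScratchRegisterAllocator(unsigned numberOfRegisters) : m_used(numberOfRegisters, false) {}
    void lock(unsigned reg) { m_used.at(reg) = true; }   // reserve a register the caller needs
    unsigned numberOfSetRegisters() const {              // registers reserved so far
        unsigned n = 0;
        for (bool used : m_used) n += used;
        return n;
    }
    unsigned numberOfFreeRegisters() const { return static_cast<unsigned>(m_used.size()) - numberOfSetRegisters(); }
private:
    std::vector<bool> m_used;
};

// Assumed: reallocating out-of-line storage needs this many free scratch registers.
constexpr unsigned kReallocScratchRegisters = 4;

bool transitionNeedsRealloc(const Structure& oldS, const Structure& newS) {
    return oldS.outOfLineCapacity != newS.outOfLineCapacity && oldS.outOfLineCapacity != 0;
}

// Static guard, as quoted in the comment: only the architecture's total GPR count is consulted.
bool staticGuardAllowsFastPath(unsigned numberOfRegisters, const Structure& oldS, const Structure& newS) {
    return !(numberOfRegisters < 6 && transitionNeedsRealloc(oldS, newS));
}

// Allocator-aware guard: the realloc path must find its scratch registers free
// after everything the caller locked has been taken into account.
bool allocatorGuardAllowsFastPath(const ScratchRegisterAllocator& allocator, const Structure& oldS, const Structure& newS) {
    if (!transitionNeedsRealloc(oldS, newS))
        return true;
    return allocator.numberOfFreeRegisters() >= kReallocScratchRegisters;
}

// Evaluate one transition under both guards for a target with the given GPR count,
// with the first `lockedByCaller` registers already reserved.
struct Verdict { bool staticAllows; bool allocatorAllows; };
Verdict evaluateTransition(unsigned numberOfRegisters, unsigned lockedByCaller, size_t oldCap, size_t newCap) {
    ScratchRegisterAllocator allocator(numberOfRegisters);
    for (unsigned reg = 0; reg < lockedByCaller; ++reg) allocator.lock(reg);
    Structure oldS{oldCap}, newS{newCap};
    return { staticGuardAllowsFastPath(numberOfRegisters, oldS, newS), allocatorGuardAllowsFastPath(allocator, oldS, newS) };
}
```

With a constructed 6-register target and three registers locked by the caller, the static guard still admits the realloc fast path while the allocator-aware guard rejects it.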