Closed Bug 1401191 Opened 5 years ago Closed 5 years ago
Initialize MoveOp::endCycleType_ to silence UBSan warning
MoveOp::endCycleType_ is not initialized in the constructor, so when we copy MoveOps in http://searchfox.org/mozilla-central/rev/1c13d5cf85f904afb8976c02a80daa252b893fca/js/src/jit/MoveResolver.cpp#310,326,346, we may end up accessing an uninitialized MoveOp::endCycleType_.
I haven't tested this (except for a small C++ standalone program to ensure uninitialized members can cause UBSan errors when copied in default copy-constructors), but it seems that this caused the UBSan error mentioned in the log in bug 1367146.
Attachment #8909784 - Flags: review?(nicolas.b.pierron)
Attachment #8909784 - Flags: review?(nicolas.b.pierron) → review+
Pushed by firstname.lastname@example.org: https://hg.mozilla.org/integration/mozilla-inbound/rev/7f85cf90d6f9 Initialize MoveOp::endCycleType_ to silence UBSan warning. r=nbp
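The pattern described in this bug, as an added illustration (not code from the bug, the patch, or SpiderMonkey): a member left unset by the constructor is read when the implicit copy constructor copies the object, and initializing it in the constructor makes every copy well defined. The struct layouts, the `Type` values, `reorder`, the `GENERAL` default and the `DEMO_UNINITIALIZED` macro are assumptions of this sketch.

```cpp
// Added illustration: simplified stand-ins, not SpiderMonkey's MoveOp.
#include <cstdio>
#include <vector>

enum Type { GENERAL, INT32, FLOAT32, DOUBLE };  // hypothetical value set

// "Before": the constructor never assigns endCycleType_.
struct MoveBefore {
    int from, to;
    Type type;
    Type endCycleType_;  // only written later, if the move closes a cycle
    MoveBefore(int f, int t, Type ty) : from(f), to(t), type(ty) {}
};

// "After": every member gets a defined value at construction.
// GENERAL as the default is an assumption of this sketch.
struct MoveAfter {
    int from, to;
    Type type;
    Type endCycleType_;
    MoveAfter(int f, int t, Type ty)
        : from(f), to(t), type(ty), endCycleType_(GENERAL) {}
};

// Stand-in for a resolver pass that copies pending moves into a new order.
template <class Move>
std::vector<Move> reorder(const std::vector<Move>& pending) {
    std::vector<Move> ordered;
    for (auto it = pending.rbegin(); it != pending.rend(); ++it)
        ordered.push_back(*it);  // implicit copy constructor copies every member
    return ordered;
}

// True when each copy carries the endCycleType_ its original was given.
bool fixedCopiesAreDefined() {
    std::vector<MoveAfter> pending{{0, 1, INT32}, {1, 2, DOUBLE}};
    pending[1].endCycleType_ = DOUBLE;  // this move closes a cycle
    std::vector<MoveAfter> ordered = reorder(pending);
    return ordered[0].endCycleType_ == DOUBLE &&
           ordered[1].endCycleType_ == GENERAL;
}

int main() {
#ifdef DEMO_UNINITIALIZED
    std::vector<MoveBefore> pending{{0, 1, INT32}};
    reorder(pending);  // copies an indeterminate endCycleType_
#endif
    std::printf("fixed copies defined: %d\n", fixedCopiesAreDefined());
    return 0;
}
```

Building with `-fsanitize=undefined -DDEMO_UNINITIALIZED` exercises the unfixed copy; whether UBSan reports it depends on the compiler and on the garbage value that happens to be in the member.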