Closed
Bug 1401209
Opened 7 years ago
Closed 7 years ago
Avoid UB in Interpreter's JSOP_LSH implementation
Categories
(Core :: JavaScript Engine, defect, P3)
Tracking
()
RESOLVED
FIXED
mozilla58
Tracking | Status | |
---|---|---|
firefox57 | --- | fix-optional |
firefox58 | --- | fixed |
People
(Reporter: anba, Assigned: anba)
References
(Blocks 1 open bug)
Attachments
(1 file)
patch, 1.97 KB | jandem: review+
As reported in bug 1367146:
/home/marxin/Programming/gecko-dev/js/src/vm/Interpreter.cpp:2533:5: runtime error: left shift of negative value -172304066
/home/marxin/Programming/gecko-dev/js/src/vm/Interpreter.cpp:2533:5: runtime error: left shift of 768433401 by 6 places cannot be represented in type 'int'
the JSOP_LSH implementation in vm/Interpreter.cpp can cause UB.
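The two diagnostics quoted in the description, worked through as an added example (this is not the patch attached to this bug and not SpiderMonkey code). `classify_signed_shift` and `lsh_int32` are hypothetical names; the first applies the C11 6.5.7 rule for when a signed `a << n` is undefined, the second computes the JavaScript result through `uint32_t`, where the shift is always defined.

```cpp
// Added illustration; classify_signed_shift and lsh_int32 are hypothetical
// names, not functions from js/src.
#include <cinttypes>
#include <cstdint>
#include <cstdio>

enum class ShiftIssue { None, NegativeValue, NotRepresentable };

// Classifies what a plain `a << n` on int32_t would do for n in [0, 31],
// following the C11 6.5.7 rule behind the two UBSan messages in the report.
ShiftIssue classify_signed_shift(int32_t a, int32_t n) {
    if (a < 0)
        return ShiftIssue::NegativeValue;     // "left shift of negative value"
    // Widen to 64 bits so computing the product cannot itself overflow.
    int64_t wide = static_cast<int64_t>(a) << n;
    if (wide > INT32_MAX)
        return ShiftIssue::NotRepresentable;  // "cannot be represented in type 'int'"
    return ShiftIssue::None;
}

// JavaScript `a << b` on int32 operands: only the low five bits of the count
// are used and the result wraps modulo 2^32. Shifting as uint32_t is fully
// defined; the conversion back to int32_t is modular on mainstream compilers
// (implementation-defined before C++20, never undefined).
int32_t lsh_int32(int32_t a, int32_t b) {
    uint32_t count = static_cast<uint32_t>(b) & 31u;
    return static_cast<int32_t>(static_cast<uint32_t>(a) << count);
}

int main() {
    // Left operands come from the two UBSan lines. The log does not give the
    // shift count for the negative case, so 1 is a constructed value.
    std::printf("%" PRId32 "\n", lsh_int32(768433401, 6));
    std::printf("%" PRId32 "\n", lsh_int32(-172304066, 1));
    return 0;
}
```

Building the same inputs with a plain `int32_t << int32_t` under `-fsanitize=shift` is what produces reports like the ones above; the unsigned version stays silent.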
Assignee
Comment 1•7 years ago
One day we should probably look into removing the duplicate implementations for the shift and bitwise operations [1-3], but today is not that day. :-)
[1] http://searchfox.org/mozilla-central/rev/1c13d5cf85f904afb8976c02a80daa252b893fca/js/src/vm/Interpreter.cpp#2520-2538
[2] http://searchfox.org/mozilla-central/rev/1c13d5cf85f904afb8976c02a80daa252b893fca/js/src/vm/Interpreter.cpp#2392-2414
[3] http://searchfox.org/mozilla-central/rev/1c13d5cf85f904afb8976c02a80daa252b893fca/js/src/vm/Interpreter-inl.h#748-796
Attachment #8909810 -
Flags: review?(jdemooij)
Comment 2•7 years ago
Comment on attachment 8909810
bug1401209.patch
Review of attachment 8909810:
-----------------------------------------------------------------
LGTM!
Attachment #8909810 -
Flags: review?(jdemooij) → review+
Updated•7 years ago
Priority: -- → P3
Assignee
Comment 3•7 years ago
Try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=870329d65fc96d37befc13269ffca15d95693ef1
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/0249f8e3d480
Avoid UBSan errors in Interpreter's JSOP_LSH implementation. r=jandem
Keywords: checkin-needed
Comment 5•7 years ago
bugherder
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox58:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla58