Closed Bug 1401209 Opened 7 years ago Closed 7 years ago

Avoid UB in Interpreter's JSOP_LSH implementation

Categories

(Core :: JavaScript Engine, defect, P3)

defect

Tracking

()

RESOLVED FIXED
mozilla58
Tracking Status
firefox57 --- fix-optional
firefox58 --- fixed

People

(Reporter: anba, Assigned: anba)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

As reported in bug 1367146: /home/marxin/Programming/gecko-dev/js/src/vm/Interpreter.cpp:2533:5: runtime error: left shift of negative value -172304066 /home/marxin/Programming/gecko-dev/js/src/vm/Interpreter.cpp:2533:5: runtime error: left shift of 768433401 by 6 places cannot be represented in type 'int' the JSOP_LSH implementation in vm/Interpreter.cpp can cause UB.
Comment on attachment 8909810 [details] [diff] [review] bug1401209.patch Review of attachment 8909810 [details] [diff] [review]: ----------------------------------------------------------------- LGTM!
Attachment #8909810 - Flags: review?(jdemooij) → review+
Priority: -- → P3
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/0249f8e3d480 Avoid UBSan errors in Interpreter's JSOP_LSH implementation. r=jandem
Keywords: checkin-needed
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla58
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: