Closed Bug 1401209 Opened 4 years ago Closed 4 years ago

Avoid UB in Interpreter's JSOP_LSH implementation

Categories

(Core :: JavaScript Engine, defect, P3)

Tracking

RESOLVED FIXED
mozilla58
Tracking Status
firefox57 --- fix-optional
firefox58 --- fixed

People

(Reporter: anba, Assigned: anba)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

As reported in bug 1367146:

/home/marxin/Programming/gecko-dev/js/src/vm/Interpreter.cpp:2533:5: runtime error: left shift of negative value -172304066
/home/marxin/Programming/gecko-dev/js/src/vm/Interpreter.cpp:2533:5: runtime error: left shift of 768433401 by 6 places cannot be represented in type 'int'

the JSOP_LSH implementation in vm/Interpreter.cpp can cause UB.
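
Added example (not taken from this bug, its attachment, or Interpreter.cpp): a minimal C++ sketch of the two conditions the sanitizer output above reports for a signed `<<`, next to a wrapping form that shifts as uint32_t and gives the result JavaScript's `<<` specifies. The function names and the shift count of 1 for the first operand are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdio>

// Pattern the UBSan messages describe: shifting a signed int32_t directly.
// Illustrative only (assumed shape, not the engine source); never called here.
inline int32_t lsh_signed(int32_t lhs, int32_t rhs) {
    return lhs << (rhs & 31);
}

enum class ShiftUB { None, NegativeBase, Overflow };

// Classify why the signed form is undefined under the C++11/14/17 rules:
// a negative left operand, or lhs * 2^n not representable in uint32_t.
ShiftUB classify(int32_t lhs, int32_t rhs) {
    int n = rhs & 31;  // JS masks the shift count to 5 bits
    if (lhs < 0) return ShiftUB::NegativeBase;
    if ((static_cast<uint64_t>(lhs) << n) > UINT32_MAX) return ShiftUB::Overflow;
    return ShiftUB::None;
}

// Well-defined form: shift as uint32_t (wraps modulo 2^32), then convert back.
// The uint32_t -> int32_t conversion is implementation-defined before C++20
// and is two's-complement wraparound on mainstream compilers.
int32_t lsh_wrapping(int32_t lhs, int32_t rhs) {
    uint32_t bits = static_cast<uint32_t>(lhs) << (rhs & 31);
    return static_cast<int32_t>(bits);
}

int main() {
    // Operands from the sanitizer output; the shift count 1 is constructed.
    std::printf("%d\n", lsh_wrapping(-172304066, 1));
    std::printf("%d\n", lsh_wrapping(768433401, 6));
    return 0;
}
```

Building a call to `lsh_signed` with `-fsanitize=undefined` on these operands reproduces the class of reports quoted above; `lsh_wrapping` runs clean under the same flag.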
Comment on attachment 8909810 [details] [diff] [review]
bug1401209.patch

Review of attachment 8909810 [details] [diff] [review]:
-----------------------------------------------------------------

LGTM!
Attachment #8909810 - Flags: review?(jdemooij) → review+
Priority: -- → P3
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/0249f8e3d480
Avoid UBSan errors in Interpreter's JSOP_LSH implementation. r=jandem
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/0249f8e3d480
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla58