Closed
Bug 1510334
Opened 5 years ago
Closed 5 years ago
Lower LMulI and fix register corruption
Categories
(Core :: JavaScript Engine: JIT, enhancement, P2)
Tracking
()
RESOLVED
FIXED
mozilla65
Tracking | Status | |
---|---|---|
firefox65 | --- | fixed |
People
(Reporter: sstangl, Assigned: sstangl)
References
Details
Attachments
(1 file, 1 obsolete file)
3.98 KB,
patch
|
nbp
:
review+
|
Details | Diff | Splinter Review |
This patch fixes arguments/args2d.js. In the case of multiplication by small constants, visitMulI() would mutate a register assumed to be unchanged, and then fail to write to the destination register, usually exposing some stack addresses. This isn't a security issue because we don't ship IonMonkey on ARM64.
Attachment #9027947 -
Flags: review?(jitbugs)
Updated•5 years ago
|
status-firefox65:
--- → fix-optional
Priority: -- → P2
Updated•5 years ago
|
Attachment #9027947 -
Flags: review?(jitbugs) → review?(nicolas.b.pierron)
Assignee | ||
Comment 1•5 years ago
|
||
Rebased on top of Gecko style changes.
Attachment #9027947 -
Attachment is obsolete: true
Attachment #9027947 -
Flags: review?(nicolas.b.pierron)
Attachment #9028972 -
Flags: review?(nicolas.b.pierron)
Updated•5 years ago
|
Attachment #9027947 -
Attachment is obsolete: false
Updated•5 years ago
|
Attachment #9027947 -
Attachment is obsolete: true
Updated•5 years ago
|
Attachment #9028972 -
Flags: review?(nicolas.b.pierron) → review+
Assignee | ||
Updated•5 years ago
|
Keywords: checkin-needed
Pushed by ccoroiu@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/beea2dd156f7 Lower LMulI and fix register corruption. Fixes arguments/args2d.js. r=nbp
Keywords: checkin-needed
Comment 3•5 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/beea2dd156f7
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
You need to log in
before you can comment on or make changes to this bug.
Description
•