Closed Bug 1659051 Opened 5 years ago Closed 5 years ago

emitStringFromCodeResult should handle failure path before discarding the stack

Categories

(Core :: JavaScript Engine: JIT, defect)

Product:
Core
Component:
JavaScript Engine: JIT
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
81 Branch
Tracking Flags:
Tracking Status
firefox81 --- fixed

People

(Reporter: anba, Assigned: anba)

Details

Attachments

(1 file)

Bug 1659051: Take failure path before discarding the stack. r=jandem!
47 bytes, text/x-phabricator-request
Details | Review

The failure path should be handled before discarding the stack. I don't think this can (currently) lead to any issues, but it's easy to trigger crashes when two AutoScratchRegister are added to BaselineCacheIRCompiler::emitStringFromCodeResult and then running it on 32-bit systems.

The test case crashes without this patch when two AutoScratchRegister
are added to BaselineCacheIRCompiler::emitStringFromCodeResult().

Pushed by cbrindusan@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/ce9054fff73e Take failure path before discarding the stack. r=jandem

https://hg.mozilla.org/mozilla-central/rev/ce9054fff73e

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox81: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 81 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: