Closed
Bug 1695595
Opened 5 years ago
Closed 4 years ago
`PoisonImpl` on 32-bit debug build should check num==0 before filling leading not-aligned part
Categories
(Core :: JavaScript Engine, task, P3)
Tracking
()
RESOLVED
FIXED
88 Branch
| | Tracking | Status |
|---|---|---|
| firefox88 | --- | fixed |
People
(Reporter: arai, Assigned: arai)
Details
Attachments
(1 file)
A logic bug introduced by the bug 1682584 patch, but the case isn't hit in the current code base.
Also, this issue happens only on debug builds.

On 32-bit debug builds, `PoisonImpl` tries to fill the not-8-bytes-aligned leading 4 bytes, but the calculation doesn't handle the `num==0` case properly, and that results in filling an unexpected memory part.
Comment 1 (Assignee)•5 years ago
Updated•5 years ago
Attachment #9206033 -
Attachment description: Bug 1695595 - Do not try to poison leading unaligned bytes separately if num < 4. r?jonco! → Bug 1695595 - Do not poison leading unaligned 4 bytes if num < 4. r?jonco!
Pushed by arai_a@mac.com:
https://hg.mozilla.org/integration/autoland/rev/367ac39ece7b
Do not poison leading unaligned 4 bytes if num < 4. r=jonco
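
The failure mode described in this bug and the `num < 4` guard named in the commit message, as an added example that is not the SpiderMonkey code or the landed patch. It is a simplified model of an aligned fill; `FillPlan`, `PlanUnguarded`, `PlanGuarded` and `GuardedFillStaysInBounds` are hypothetical names, and the start address is assumed to be at least 4-byte aligned.

```cpp
#include <stddef.h>
#include <stdint.h>
#include <string.h>

// Simplified model (an assumption, not SpiderMonkey's PoisonImpl): fill
// [addr, addr+num) with 8-byte stores once the address is 8-byte aligned.
// leading/trailing are byte counts, words is the number of 8-byte stores.
struct FillPlan { size_t leading, words, trailing; };

// Unguarded: a misaligned start always takes 4 leading bytes. With num == 0
// that plans 4 bytes outside the range and wraps num to a huge value.
FillPlan PlanUnguarded(uintptr_t addr, size_t num) {
  FillPlan plan{0, 0, 0};
  if (addr % 8 != 0) {
    plan.leading = 4;
    num -= 4;  // size_t wraps around when num < 4
  }
  plan.words = num / 8;
  plan.trailing = num % 8;
  return plan;
}

// Guarded: skip the separate leading fill when num < 4. The range is then
// shorter than one store and is covered by the trailing byte fill alone.
FillPlan PlanGuarded(uintptr_t addr, size_t num) {
  FillPlan plan{0, 0, 0};
  if (addr % 8 != 0 && num >= 4) {
    plan.leading = 4;
    num -= 4;
  }
  plan.words = num / 8;
  plan.trailing = num % 8;
  return plan;
}

// Constructed check (num <= 28): apply the guarded plan at an address that is
// 4 mod 8 in a zeroed buffer; true if exactly the requested bytes changed.
bool GuardedFillStaysInBounds(size_t num) {
  alignas(8) uint8_t buf[32] = {0};
  FillPlan plan = PlanGuarded(reinterpret_cast<uintptr_t>(buf + 4), num);
  memset(buf + 4, 0xCD, plan.leading + plan.words * 8 + plan.trailing);
  for (size_t i = 0; i < sizeof(buf); i++)
    if ((buf[i] == 0xCD) != (i >= 4 && i < 4 + num)) return false;
  return true;
}

int main() { return GuardedFillStaysInBounds(0) ? 0 : 1; }
```
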
Comment 3•4 years ago
bugherder
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
status-firefox88: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 88 Branch