Closed Bug 1756839 Opened 3 years ago Closed 3 years ago

Incorrect assembling of instruction cmpb imm8, reg

Categories

(Core :: JavaScript Engine: JIT, defect)

Product:
Core
Component:
JavaScript Engine: JIT
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
99 Branch
Tracking Flags:
Tracking Status
firefox99 --- fixed

People

(Reporter: lukas.bernhard, Assigned: lukas.bernhard)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Bug 1756839 - Fix assembling of cmpb imm8, reg. r=jandem
48 bytes, text/x-phabricator-request
Details | Review

Steps to reproduce:

The cmpb_ir function in BaseAssembler-x86-shared.h uses OP_GROUP1_EvIb instead of OP_GROUP1_EbIb. This causes emission of an unintended instruction, e.g. cmpd 0xffffffff, r8d instead of cmpb 0xff, r8b.
Currently, this code path is never hit (but it might be in the future).

Component: Untriaged → JavaScript Engine: JIT
Product: Firefox → Core
Assignee: nobody → lukas.bernhard
Status: NEW → ASSIGNED
Pushed by jdemooij@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/72290b9c841c Fix assembling of cmpb imm8, reg. r=jandem

https://hg.mozilla.org/mozilla-central/rev/72290b9c841c

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox99: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 99 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: