Closed Bug 476761 Opened 16 years ago Closed 15 years ago

Verifier exception handling code probably needs to call emitKill()

Categories

(Tamarin Graveyard :: Virtual Machine, defect, P2)

Tracking

(Not tracked)

VERIFIED INVALID
flash10.1

People

(Reporter: stejohns, Assigned: jodyer)

Details

See bug https://bugzilla.mozilla.org/show_bug.cgi?id=473247 : the exception-handling part probably needs to call the jit's emitKill() function when OP_kill is encountered, but adding it causes crashes in some JIT configurations (esp. -Ojit). Someone needs to figure out whether the emitKill() is really necessary, and if so, what's broken in the JIT when it's included.
Status: NEW → ASSIGNED
Flags: flashplayer-qrb+
Target Milestone: --- → flash10.x
Blocks: 478870
No longer blocks: 478870
Priority: -- → P2
It's right as-is; we don’t want to emit any code here, but we want to mark the affected variables as killed so that they are undefined in the catch block. See also the loop near the bottom of CodegenLIR::emitBlockStart(). This was a fix for a security hole I found looking at the code and got Werner's help to code up a test and make a fix. Ed
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → INVALID
Status: RESOLVED → VERIFIED