Closed
Bug 503618
Opened 15 years ago
Closed 10 years ago
nanojit StackFilter assumes that all SideExits are VMSideExits
Categories
(Core Graveyard :: Nanojit, defect)
Core Graveyard
Nanojit
Tracking
(Not tracked)
RESOLVED
WONTFIX
Future
People
(Reporter: sully, Unassigned)
Details
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.11) Gecko/2009060309 Ubuntu/9.04 (jaunty) Firefox/3.0.11 Build Identifier: The function nanojit::StackFilter::getTop (in jstracer.cpp) gets a SideExit * out of a GuardRecord and then casts it to a (VMSideExit *) and accesses fields only present in VMSideExit. It SideExit is not actually a VMSideExit (as is the case with the regexp compiler or my in-progress inline threading work), this can cause problems. If a SideExit falls near the end of a page, accessing the field could cause a crash. Reproducible: Always
|
||
Updated•15 years ago
|
Target Milestone: --- → Future
|
||
Updated•15 years ago
|
Component: JIT Compiler (NanoJIT) → Nanojit
Product: Tamarin → Core
QA Contact: nanojit → nanojit
|
||
Comment 1•10 years ago
|
||
The only reference to SideExit comes from a jit-test. Closing as nanojit is long gone.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
|
Assignee | |
Updated•10 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•