Closed
Bug 959932
Opened 10 years ago
Closed 10 years ago
Fix some unsafe address issues in js/src/vm
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla29
People
(Reporter: bzbarsky, Assigned: bzbarsky)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
3.50 KB,
patch
|
sfink
:
review+
|
Details | Diff | Splinter Review |
This does not fix the StackShape bits in GlobalObject or Shape, or the PropDesc stuff in ObjectImpl, because I'm not sure what the right fixes are there.
Assignee | ||
Comment 1•10 years ago
|
||
Attachment #8360202 -
Flags: review?(sphink)
Assignee | ||
Updated•10 years ago
|
Assignee: nobody → bzbarsky
Status: NEW → ASSIGNED
Comment 2•10 years ago
|
||
Comment on attachment 8360202 [details] [diff] [review] Fix some unsafe address issues in js/src/vm. Review of attachment 8360202 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/src/vm/Interpreter.cpp @@ +84,5 @@ > #endif > LooseEqualityOp(JSContext *cx, FrameRegs ®s) > { > + HandleValue rval = HandleValue::fromMarkedLocation(®s.sp[-1]); > + HandleValue lval = HandleValue::fromMarkedLocation(®s.sp[-2]); regs.stackHandleAt(-1) and (-2), please.
Attachment #8360202 -
Flags: review?(sphink) → review+
Assignee | ||
Comment 3•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/1860fe32a32e with that change; thanks for pointing out the sane API!
Flags: in-testsuite+
Whiteboard: [need review]
Target Milestone: --- → mozilla29
Comment 4•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/1860fe32a32e
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•