Closed Bug 959932 Opened 10 years ago Closed 10 years ago

Fix some unsafe address issues in js/src/vm

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla29

People

(Reporter: bzbarsky, Assigned: bzbarsky)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Fix some unsafe address issues in js/src/vm.
3.50 KB, patch
sfink
: review+
Details | Diff | Splinter Review 
This does not fix the StackShape bits in GlobalObject or Shape, or the PropDesc stuff in ObjectImpl, because I'm not sure what the right fixes are there.
Assignee: nobody → bzbarsky
Status: NEW → ASSIGNED
Comment on attachment 8360202 [details] [diff] [review]
Fix some unsafe address issues in js/src/vm.

Review of attachment 8360202 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/vm/Interpreter.cpp
@@ +84,5 @@
>  #endif
>  LooseEqualityOp(JSContext *cx, FrameRegs &regs)
>  {
> +    HandleValue rval = HandleValue::fromMarkedLocation(&regs.sp[-1]);
> +    HandleValue lval = HandleValue::fromMarkedLocation(&regs.sp[-2]);

regs.stackHandleAt(-1) and (-2), please.
Attachment #8360202 - Flags: review?(sphink) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/1860fe32a32e with that change; thanks for pointing out the sane API!
Flags: in-testsuite+
Whiteboard: [need review]
Target Milestone: --- → mozilla29
https://hg.mozilla.org/mozilla-central/rev/1860fe32a32e
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: