commit a248a86571775fc8c25d29e90cf015cfc7b34358 Author: Douglas Crosher <dtc-moz@scieneer.com> Date: Fri Mar 21 14:27:31 2014 +1100 Bug 919592 - Ionmonkey (ARM): Guard against branches being out of range and bail out of compilation if so. r=mjrosenb, a=sledru --- js/src/jit/arm/Assembler-arm.cpp | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/js/src/jit/arm/Assembler-arm.cpp b/js/src/jit/arm/Assembler-arm.cpp index 57a3aa2..9969d22 100644 --- a/js/src/jit/arm/Assembler-arm.cpp +++ b/js/src/jit/arm/Assembler-arm.cpp @@ -1851,6 +1851,10 @@ Assembler::as_b(Label *l, Condition c, bool isPatchable) old = l->offset(); // This will currently throw an assertion if we couldn't actually // encode the offset of the branch. + if (!BOffImm::isInRange(old)) { + m_buffer.bail(); + return ret; + } ret = as_b(BOffImm(old), c, isPatchable); } else { old = LabelBase::INVALID_OFFSET; @@ -1910,6 +1914,10 @@ Assembler::as_bl(Label *l, Condition c) // This will currently throw an assertion if we couldn't actually // encode the offset of the branch. old = l->offset(); + if (!BOffImm::isInRange(old)) { + m_buffer.bail(); + return ret; + } ret = as_bl(BOffImm(old), c); } else { old = LabelBase::INVALID_OFFSET;