[tor-commits] [tor-browser/esr24] Bug 919592 - Ionmonkey (ARM): Guard against branches being out of range and bail out of compilation if so. r=mjrosenb, a=sledru
mikeperry at torproject.org
mikeperry at torproject.org
Fri Aug 29 05:26:42 UTC 2014
commit a248a86571775fc8c25d29e90cf015cfc7b34358
Author: Douglas Crosher <dtc-moz at scieneer.com>
Date: Fri Mar 21 14:27:31 2014 +1100
Bug 919592 - Ionmonkey (ARM): Guard against branches being out of range and bail out of compilation if so. r=mjrosenb, a=sledru
---
js/src/jit/arm/Assembler-arm.cpp | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/js/src/jit/arm/Assembler-arm.cpp b/js/src/jit/arm/Assembler-arm.cpp
index 57a3aa2..9969d22 100644
--- a/js/src/jit/arm/Assembler-arm.cpp
+++ b/js/src/jit/arm/Assembler-arm.cpp
@@ -1851,6 +1851,10 @@ Assembler::as_b(Label *l, Condition c, bool isPatchable)
old = l->offset();
// This will currently throw an assertion if we couldn't actually
// encode the offset of the branch.
+ if (!BOffImm::isInRange(old)) {
+ m_buffer.bail();
+ return ret;
+ }
ret = as_b(BOffImm(old), c, isPatchable);
} else {
old = LabelBase::INVALID_OFFSET;
@@ -1910,6 +1914,10 @@ Assembler::as_bl(Label *l, Condition c)
// This will currently throw an assertion if we couldn't actually
// encode the offset of the branch.
old = l->offset();
+ if (!BOffImm::isInRange(old)) {
+ m_buffer.bail();
+ return ret;
+ }
ret = as_bl(BOffImm(old), c);
} else {
old = LabelBase::INVALID_OFFSET;
More information about the tor-commits
mailing list