author | Lars T Hansen <lhansen@mozilla.com> | 2019-05-25 15:41:06 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-05-25 15:41:06 +0200 |
commit | a24d62130932b8104f931f925288d3abc9105684 (patch) | |
tree | 2f519e282a21e0484c98f17d5c2066b900c145a2 | |
parent | 80eb8e08dd20fd18e841f8c813947cfb8cbbc4e5 (diff) | |
[js, ARM] Always check error return from BufferOffset::diffB.
We were missing error checks at two points. In one case an error return
is meaningful; in another case it is not, as the problem should have
been guarded against at a higher level by emitting far jump islands soon
enough during pasteup of compiled code.
-rw-r--r-- | js/src/jit/arm/Assembler-arm.cpp | 7 | ||||
-rw-r--r-- | js/src/jit/arm/MacroAssembler-arm.cpp | 5 |
2 files changed, 10 insertions, 2 deletions
diff --git a/js/src/jit/arm/Assembler-arm.cpp b/js/src/jit/arm/Assembler-arm.cpp
index 2830f0695..1e20da1c8 100644
--- a/js/src/jit/arm/Assembler-arm.cpp
+++ b/js/src/jit/arm/Assembler-arm.cpp
@@ -2401,7 +2401,12 @@ Assembler::as_b(Label* l, Condition c)
 if (oom())
 return BufferOffset();
- as_b(BufferOffset(l).diffB<BOffImm>(ret), c, ret);
+ BOffImm off = BufferOffset(l).diffB<BOffImm>(ret);
+ if (off.isInvalid()) {
+ m_buffer.fail_bail();
+ return BufferOffset();
+ }
+ as_b(off, c, ret);
 #ifdef JS_DISASM_ARM
 spewBranch(m_buffer.getInstOrNull(ret), l);
 #endif
diff --git a/js/src/jit/arm/MacroAssembler-arm.cpp b/js/src/jit/arm/MacroAssembler-arm.cpp
index d40578514..a4161ab00 100644
--- a/js/src/jit/arm/MacroAssembler-arm.cpp
+++ b/js/src/jit/arm/MacroAssembler-arm.cpp
@@ -5012,7 +5012,10 @@ void
 MacroAssembler::patchCall(uint32_t callerOffset, uint32_t calleeOffset)
 {
 BufferOffset inst(callerOffset - 4);
- as_bl(BufferOffset(calleeOffset).diffB<BOffImm>(inst), Always, inst);
+ BOffImm off = BufferOffset(calleeOffset).diffB<BOffImm>(inst);
+ MOZ_RELEASE_ASSERT(!off.isInvalid(),
+ "Failed to insert necessary far jump islands");
+ as_bl(off, Always, inst);
 }
 CodeOffset |
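Review bot: The new `off.isInvalid()` branch in Assembler::as_b returns without ever writing the instruction slot at `ret`, and nothing in the hunk says why that is acceptable; a reader comparing it with the `as_b(off, c, ret)` line below may take the unpatched slot for a bug. The reason appears to be that `m_buffer.fail_bail()` puts the buffer into the same failed state the `if (oom())` check above already handles, so the caller sees oom() and the partially built buffer is never used, but that is inferred from the surrounding lines rather than stated. I would add, above the `if (off.isInvalid())`, `// Target out of BOffImm range: fail the buffer so callers observe oom(); the slot at ret is deliberately left unpatched.` The point matters beyond readability: before this change an unrepresentable displacement reached the BOffImm overload of as_b directly, so whatever encoding it produced would have been a silently wrong branch in generated code, and the bail is what turns that into an observable failure. Assembler::as_b starts and ends outside the hunk, so where `ret` is allocated is not visible here.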
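Review bot: MacroAssembler::patchCall now treats an invalid displacement as a fatal invariant violation with MOZ_RELEASE_ASSERT, while the sibling change in Assembler::as_b treats the same condition as a recoverable buffer failure; only the commit message explains the asymmetry, and the code should carry it. I would put a short comment above the assert, `// By the time a call is patched the far jump islands must already be in place, so an out-of-range displacement is a codegen bug, not an OOM-style condition to bail on.` Crashing here is the right fail-closed choice in release builds, since the alternative is a call with a mis-encoded target in executable code, and the assert message already names the expected cause. The function is shown in full in this hunk, so no further call-site handling is being hidden.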