From 980b7e4da5d80f09cf805674b8822b260870b8d3 Mon Sep 17 00:00:00 2001
From: wolfbeast
Date: Tue, 23 Oct 2018 09:44:24 +0200
Subject: Improve graph edge resolution code.
This is a follow-up to ca7ecd37c94e268972697a37eec4e46771c6e6f2 further improving the DiD resolution for CVE-2018-12386.
---
js/src/jit-test/tests/ion/bug1493900-1.js | 17 +++++++++++++++++
js/src/jit-test/tests/ion/bug1493900-2.js | 7 +++++++
2 files changed, 24 insertions(+)
create mode 100644 js/src/jit-test/tests/ion/bug1493900-1.js
create mode 100644 js/src/jit-test/tests/ion/bug1493900-2.js
(limited to 'js/src/jit-test/tests')
diff --git a/js/src/jit-test/tests/ion/bug1493900-1.js b/js/src/jit-test/tests/ion/bug1493900-1.js
new file mode 100644
index 000000000..643c1943d
--- /dev/null
+++ b/js/src/jit-test/tests/ion/bug1493900-1.js
@@ -0,0 +1,17 @@
+function f() {
+ var objs = [];
+ for (var i = 0; i < 100; i++) {
+ objs[i] = {};
+ }
+ var o = objs[0];
+ var a = new Float64Array(1024);
+ function g(a, b) {
+ let p = b;
+ for (; p.x < 0; p = p.x) {
+ while (p === p) {}
+ }
+ for (var i = 0; i < 10000; ++i) {}
+ }
+ g(a, o);
+}
+f();
diff --git a/js/src/jit-test/tests/ion/bug1493900-2.js b/js/src/jit-test/tests/ion/bug1493900-2.js
new file mode 100644
index 000000000..7e7f5fdec
--- /dev/null
+++ b/js/src/jit-test/tests/ion/bug1493900-2.js
@@ -0,0 +1,7 @@
+function f(a, b) {
+ for (; b.x < 0; b = b.x) {
+ while (b === b) {};
+ }
+ for (var i = 0; i < 99999; ++i) {}
+}
+f(0, 0);
--
cgit v1.2.3
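Review bot: Neither new test states what it guards or what counts as a pass. bug1493900-1.js and bug1493900-2.js contain no assertion and no header comment, so they succeed only by running to completion without a crash or engine assertion. I would open each file with something like `// Regression test for bug 1493900 (see CVE-2018-12386): must finish without crashing or asserting.`, and mark the inner loop with `// Never entered at runtime: p.x is undefined, so p.x < 0 is false.` (`b.x` in the second file), since `while (p === p) {}` would hang the test if a later edit made the guard true. The empty counting loops (10000 and 99999 iterations) are presumably there to get the function Ion-compiled. If so, that deserves a comment too, because a hard-coded count silently stops exercising the compiler when the warm-up threshold changes.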