Bug 601355 - follow up bug 587707. Crashes consistently at start-up except if JM is disabled or in safe mode. r=bhackett1024, r=dvander
authorMakoto Kato <m_kato@ga2.so-net.ne.jp>
Tue, 05 Oct 2010 12:14:44 +0900
changeset 55506 be563f9b1578ca350bd4876601b39f0707fd1cd8
parent 55505 4bb4426eceef22835c800eda582fcfd0e01eec66
child 55507 656f4f2bbc2df3256ac0a085742ea7f945f1522c
push id16269
push userjst@mozilla.com
push dateThu, 14 Oct 2010 01:40:35 +0000
reviewersbhackett1024, dvander
bugs601355, 587707
milestone2.0b7pre
Bug 601355 - follow up bug 587707. Crashes consistently at start-up except if JM is disabled or in safe mode. r=bhackett1024, r=dvander
js/src/methodjit/TrampolineMasmX64.asm
--- a/js/src/methodjit/TrampolineMasmX64.asm
+++ b/js/src/methodjit/TrampolineMasmX64.asm
@@ -153,17 +153,17 @@ throwpoline_exit:
 JaegerThrowpoline ENDP
 
 
 
 ; void InjectJaegerReturn();
 InjectJaegerReturn PROC FRAME
     .ENDPROLOG
     mov     rcx, qword ptr [rbx+30h] ; load fp->rval_ into typeReg
-    mov     rax, qword ptr [rbx+50h] ; fp->ncode_
+    mov     rax, qword ptr [rbx+28h] ; fp->ncode_
 
     ; Reimplementation of PunboxAssembler::loadValueAsComponents()
     mov     rdx, r14
     and     rdx, rcx
     xor     rcx, rdx
 
     ; For Windows x64 stub calls, we pad the stack by 32 before
     ; calling, so we must account for that here. See doStubCall.
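Review bot: The `28h` and `30h` displacements on the two `mov` lines at the top of InjectJaegerReturn are hand-copied from the C++ frame layout, and nothing in this file ties them to it; the stale `50h` corrected here is what that drift produces. The value loaded into rax is labelled fp->ncode_ and is presumably used as a code address later in the function (the body continues outside the hunk), so a wrong offset sends control through an unrelated frame field instead of failing cleanly. I would name the offsets once at the top of the file, for example `FRAME_NCODE_OFFSET equ 28h` and `FRAME_RVAL_OFFSET equ 30h`, and use them in the loads as `mov rax, qword ptr [rbx+FRAME_NCODE_OFFSET]`. Each constant should carry a comment saying it must equal the offset of the matching field in the frame structure on Win64. A compile-time offset assertion on the C++ side would turn the next layout change into a build failure rather than a start-up crash.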