Verify range against previous stub when linking getter PIC stubs, bug 688090. r=dvander
author Brian Hackett <bhackett1024@gmail.com>
Tue, 20 Sep 2011 21:33:35 -0700
changeset 77188 e8bd19f6abbb6b8158eea2c248c46afd23f42ea2
parent 77187 2d29d3a3b31401d35da68c85f8a5da3a027cbcdb
child 77235 3178f1c42505399684958eb839ff2de1efaca965
push id 21186
push user bhackett@mozilla.com
push date Wed, 21 Sep 2011 04:34:31 +0000
reviewers dvander
bugs 688090
milestone 9.0a1
first release with: nightly linux32, linux64, mac, win32, win64 (e8bd19f6abbb / 9.0a1 / 20110921030906)
js/src/methodjit/PolyIC.cpp
--- a/js/src/methodjit/PolyIC.cpp
+++ b/js/src/methodjit/PolyIC.cpp
@@ -1229,17 +1229,18 @@ class GetPropCompiler : public PICStubCo
 
         NativeStubLinker::FinalJump done;
         if (!NativeStubEpilogue(f, masm, &done, 0, vpOffset, pic.shapeReg, pic.objReg))
             return;
         NativeStubLinker linker(masm, f.jit(), f.regs.pc, done);
         if (!linker.init(f.cx))
             THROW();
 
-        if (!linker.verifyRange(f.jit())) {
+        if (!linker.verifyRange(pic.lastCodeBlock(f.jit())) ||
+            !linker.verifyRange(f.jit())) {
             disable("code memory is out of range");
             return;
         }
 
         linker.patchJump(pic.fastPathRejoin);
 
         linkerEpilogue(linker, start, shapeMismatches);
     }
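Review bot: The new two-part condition starting at `if (!linker.verifyRange(pic.lastCodeBlock(f.jit())) ||` carries no comment saying why the stub has to be in range of both `pic.lastCodeBlock(f.jit())` and `f.jit()`, and both failures end in the same `disable("code memory is out of range")`, so a later reader cannot tell which range was exceeded or why the first check must stay. Suggest a short comment above the condition naming which jump each `verifyRange` call protects, since `linker.patchJump(pic.fastPathRejoin)` and `linkerEpilogue(linker, start, shapeMismatches)` follow immediately and rely on both having passed. The changeset touches only js/src/methodjit/PolyIC.cpp; a regression test for bug 688090 alongside it would keep the added check from being dropped in a later cleanup.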