Bug 526070 - lirasm call argument ordering bug, r=dvander.
authorGraydon Hoare <graydon@mozilla.com>
Mon, 02 Nov 2009 17:10:27 -0800
changeset 34575 280561a45b766e4bd6d5dcfe3035e455e72329cb
parent 34574 b64f119567bfb3812242246b51f8247ec41f7559
child 34576 34f7de7463c0cbe104ab79555b70d82351627895
push idunknown
push userunknown
push dateunknown
reviewersdvander
bugs526070
milestone1.9.3a1pre
Bug 526070 - lirasm call argument ordering bug, r=dvander.
js/src/lirasm/lirasm.cpp
--- a/js/src/lirasm/lirasm.cpp
+++ b/js/src/lirasm/lirasm.cpp
@@ -596,16 +596,17 @@ FragmentAssembler::assemble_load()
 }
 
 LIns *
 FragmentAssembler::assemble_call(const string &op)
 {
     CallInfo *ci = new (mParent.mAlloc) CallInfo();
     mCallInfos.push_back(ci);
     LIns *args[MAXARGS];
+    memset(&args[0], 0, sizeof(args));
 
     // Assembler syntax for a call:
     //
     //   call 0x1234 fastcall a b c
     //
     // requires at least 2 args,
     // fn address immediate and ABI token.
 
@@ -653,17 +654,17 @@ FragmentAssembler::assemble_call(const s
         // type) from the call site.
         int ty;
 
         ci->_abi = _abi;
 
         ci->_argtypes = 0;
         size_t argc = mTokens.size();
         for (size_t i = 0; i < argc; ++i) {
-            args[argc - (i+1)] = ref(mTokens[i]);   // args[] is in reverse order!
+            args[i] = ref(mTokens[mTokens.size() - (i+1)]);
             if      (args[i]->isFloat()) ty = ARGSIZE_F;
             else if (args[i]->isQuad())  ty = ARGSIZE_Q;
             else                         ty = ARGSIZE_I;
             // Nb: i+1 because argMask() uses 1-based arg counting.
             ci->_argtypes |= argMask(ty, i+1, argc);
         }
 
         // Select return type from opcode.
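Review bot: The loop in the second hunk stores into `args[i]` for every `i < argc`, where `argc` is `mTokens.size()` and `args` is the fixed `LIns *args[MAXARGS]` stack array, and neither hunk shows `argc` being compared with `MAXARGS`; if the elided part of `assemble_call` has no such check, a call line with too many operands writes past the array. A guard before the loop, `if (argc > MAXARGS)`, that rejects the line through the assembler's existing error path would close that. The result of `ref()` is dereferenced at once by `args[i]->isFloat()`, so it is worth confirming that `ref()` cannot return null for an unknown name, especially now that the first hunk zero-fills the array. The changed line could reuse the already computed count, `args[i] = ref(mTokens[argc - (i+1)]);`, and since the old "reverse order" remark was dropped, a comment such as `// args[] holds the operands in reverse token order` would keep the ordering contract visible. The body of `assemble_call` starts before and continues after the lines shown here.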