File: jscore_big_endian.diff

Description: fix JSCore segmentation fault on 64-bit big endian systems
 In CodeBlock.cpp the code preparing the operands of op_get_from_scope writes
 the property offset as a pointer-size (hence 64-bit) value:
 .
 2141: instructions[i + 6].u.pointer = reinterpret_cast<void*>(op.operand);
 .
 while the same slot is accessed later by the jitted code as a 32-bit integer:
 .
 macro getProperty(slow)
    loadisFromInstruction(6, t1)
 .
 This fails on big-endian targets since the integer access takes the higher
 part of the 64-bit value.
Origin: backport, https://github.com/webkit/webkit/commit/3fdde71c7d95d758
Reviewed-by: Frank Heimes <frank.heimes@canonical.com>
Last-Update: 2021-11-24

--- a/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
+++ b/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
@@ -2020,7 +2020,7 @@ macro loadWithStructureCheck(operand, sl
 end
 
 macro getProperty(slow)
-    loadisFromInstruction(6, t1)
+    loadpFromInstruction(6, t1)
     loadPropertyAtVariableOffset(t1, t0, t2, slow)
     valueProfile(t2, 7, t0)
     loadisFromInstruction(1, t0)
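Review bot: the change to `loadpFromInstruction(6, t1)` in `getProperty` makes the read width match the pointer-size store described in the header (`instructions[i + 6].u.pointer = reinterpret_cast<void*>(op.operand)`), which is the right fix for the big-endian mismatch; two things should be confirmed before merging. First, the header says the slot is read by "the jitted code", but this hunk patches `LowLevelInterpreter64.asm`, i.e. the LLInt, so the description should name the LLInt and the reviewer should check whether any JIT path or any other macro in this file still reads slot 6 with `loadisFromInstruction` and would need the same treatment. Second, since `t1` now carries a full 64-bit register value into `loadPropertyAtVariableOffset(t1, t0, t2, slow)`, verify that the offset written by CodeBlock.cpp is always non-negative and small enough that the widened load cannot change the comparison or indexing behaviour inside that macro on little-endian targets, where the old 32-bit read happened to work.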