author | Benjamin Poulain <bpoulain@apple.com> | 2015-03-02 11:53:13 +0100 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> | 2015-03-03 10:16:23 +0000 |
commit | 3f0f7b59582197ca651b8aaeea17fd76b9a35b9c (patch) | |
tree | 5f74b5a989e25a1127a1a973a8e1b272d00bcc0c /Source/JavaScriptCore/bytecode/CallVariant.cpp | |
parent | 9c37660832d74ac696b5238640193646485664f8 (diff) | |
download | qtwebkit-3f0f7b59582197ca651b8aaeea17fd76b9a35b9c.tar.gz |
Fix unsafe memory load/store from the argument encoder/decoder affecting ARM
https://bugs.webkit.org/show_bug.cgi?id=125674
Patch by Benjamin Poulain <bpoulain@apple.com> on 2013-12-12
Reviewed by Darin Adler.
Depending on the CPU and CPU config, loads and stores may have to be aligned.
The argument buffer has no particular alignment, which can cause problems.
In this case, on ARMv7, strd and ldrd can have an alignment restriction on 16 bytes.
The code encoding doubles and 64-bit integers was causing bugs.

To avoid problems, the encoders/decoders are modified to just use memcpy. The compiler optimizes
it away for the right instructions (clang uses two ldr/str in the case of 64-bit values on ARMv7).
* Platform/CoreIPC/ArgumentDecoder.cpp:
(CoreIPC::decodeValueFromBuffer):
(CoreIPC::ArgumentDecoder::decode):
* Platform/CoreIPC/ArgumentEncoder.cpp:
(CoreIPC::copyValueToBuffer):
(CoreIPC::ArgumentEncoder::encode):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160529 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Task-number: QTBUG-44740
Change-Id: I9bd448cbfc524c62bdf4bfaad52fa194d8159726
Reviewed-by: Julien Brianceau <jbriance@cisco.com>
Reviewed-by: Andras Becsi <andras.becsi@theqtcompany.com>
Diffstat (limited to 'Source/JavaScriptCore/bytecode/CallVariant.cpp')
0 files changed, 0 insertions, 0 deletions
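The pattern the commit message describes, shown as an added example that is not WebKit's or QtWebKit's own code: a minimal argument buffer that appends scalars back to back (so a double written after a one-byte tag lands at offset 1) and reads them back with memcpy rather than by dereferencing a casted pointer. The class name `ArgumentBuffer` and the method names `encode`/`decode` are assumptions for this illustration, not CoreIPC's API; the unsafe form is left in as a comment only, since it works on x86 and only faults on strict-alignment CPUs.

```cpp
// Added example, not WebKit/QtWebKit code. Names (ArgumentBuffer, encode, decode)
// are assumptions chosen for illustration, not the CoreIPC API.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <type_traits>
#include <vector>

class ArgumentBuffer {
public:
    // Append the raw bytes of a trivially copyable value at the current end.
    // No padding is inserted, so a 64-bit value written after a single byte
    // sits at offset 1: exactly the unaligned case the commit message describes.
    template <typename T>
    void encode(T value) {
        static_assert(std::is_trivially_copyable<T>::value, "encode() needs a trivially copyable type");
        size_t offset = m_buffer.size();
        m_buffer.resize(offset + sizeof(T));
        std::memcpy(m_buffer.data() + offset, &value, sizeof(T)); // valid at any alignment
    }

    // Decode the next value; returns false instead of reading past the end.
    template <typename T>
    bool decode(T& result) {
        static_assert(std::is_trivially_copyable<T>::value, "decode() needs a trivially copyable type");
        if (sizeof(T) > m_buffer.size() - m_position)
            return false;
        // Unsafe form this replaces (undefined behaviour in C++, and may fault on
        // CPUs that require aligned ldrd/strd):
        //   result = *reinterpret_cast<const T*>(m_buffer.data() + m_position);
        std::memcpy(&result, m_buffer.data() + m_position, sizeof(T));
        m_position += sizeof(T);
        return true;
    }

    size_t position() const { return m_position; }
    size_t size() const { return m_buffer.size(); }

private:
    std::vector<uint8_t> m_buffer;
    size_t m_position = 0;
};

// Round trip of constructed sample values: a one-byte tag, then a 64-bit
// integer at offset 1 and a double at offset 9. Returns true if every value
// decodes unchanged and a further decode correctly reports exhaustion.
bool roundTripUnaligned() {
    ArgumentBuffer buffer;
    buffer.encode<uint8_t>(0x7f);
    buffer.encode<uint64_t>(0x0123456789abcdefULL);
    buffer.encode<double>(-2.5);

    uint8_t tag = 0;
    uint64_t integer = 0;
    double real = 0.0;
    if (!buffer.decode(tag) || tag != 0x7f) return false;
    if (buffer.position() != 1) return false; // the 64-bit value starts at offset 1
    if (!buffer.decode(integer) || integer != 0x0123456789abcdefULL) return false;
    if (buffer.position() != 9) return false; // the double starts at offset 9
    if (!buffer.decode(real) || real != -2.5) return false;

    uint32_t extra = 0;
    return !buffer.decode(extra) && buffer.position() == buffer.size();
}

int main() {
    return roundTripUnaligned() ? 0 : 1;
}
```

The bounds check in `decode` is the other half of what a decoder over untrusted IPC bytes needs: memcpy fixes the alignment hazard, but only a length check stops a short message from being read past its end.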