Группа :: Система/Библиотеки
Пакет: libv8-3.14
навигация по пакетам
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: v8-3.14.5.10-CVE-2013-6668-segfault.patch
Скачать
Скачать
From 3122e0eae64c5ab494b29d0a9cadef902d93f1f9 Mon Sep 17 00:00:00 2001
From: Fedor Indutny <fedor@indutny.com>
Date: Fri, 22 Aug 2014 03:59:35 +0400
Subject: [PATCH] deps: fix up v8 after fd80a3
fd80a31e0697d6317ce8c2d289575399f4e06d21 has introduced a segfault
during redundant boundary check elimination (#8208).
The problem consists of two parts:
1. Abscense of instruction iterator in
`EliminateRedundantBoundsChecks`. It was present in recent v8, but
wasn't considered important at the time of backport. However, since
the function is changing instructions order in block, it is
important to not rely at `i->next()` at the end of the loop.
2. Too strict ASSERT in `MoveIndexIfNecessary`. It is essentially a
backport of a45c96ab from v8's upstream. See
https://github.com/v8/v8/commit/a45c96ab for details.
fix #8208
---
src/hydrogen.cc | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/hydrogen.cc b/src/hydrogen.cc
index 50d8e49..18a6b60 100644
--- a/src/hydrogen.cc
+++ b/src/hydrogen.cc
@@ -3546,7 +3546,11 @@ class BoundsCheckBbData: public ZoneObject {void MoveIndexIfNecessary(HValue* index_raw,
HBoundsCheck* insert_before,
HInstruction* end_of_scan_range) {- ASSERT(index_raw->IsAdd() || index_raw->IsSub());
+ if (!index_raw->IsAdd() && !index_raw->IsSub()) {+ // index_raw can be HAdd(index_base, offset), HSub(index_base, offset),
+ // or index_base directly. In the latter case, no need to move anything.
+ return;
+ }
HBinaryOperation* index =
HArithmeticBinaryOperation::cast(index_raw);
HValue* left_input = index->left();
@@ -3581,7 +3585,6 @@ class BoundsCheckBbData: public ZoneObject { HBoundsCheck* tighter_check) {ASSERT(original_check->length() == tighter_check->length());
MoveIndexIfNecessary(tighter_check->index(), original_check, tighter_check);
- original_check->ReplaceAllUsesWith(original_check->index());
original_check->SetOperandAt(0, tighter_check->index());
}
};
@@ -3624,7 +3627,9 @@ void HGraph::EliminateRedundantBoundsChecks(HBasicBlock* bb,
BoundsCheckTable* table) {BoundsCheckBbData* bb_data_list = NULL;
- for (HInstruction* i = bb->first(); i != NULL; i = i->next()) {+ HInstruction* next;
+ for (HInstruction* i = bb->first(); i != NULL; i = next) {+ next = i->next();
if (!i->IsBoundsCheck()) continue;
HBoundsCheck* check = HBoundsCheck::cast(i);