guix-devel/gnu/packages/patches/icecat-CVE-2015-0836-pt-08....


From 4920c5c447d1153dffa623dd70d8b535b9ca6795 Mon Sep 17 00:00:00 2001
From: Jan de Mooij <jdemooij@mozilla.com>
Date: Mon, 26 Jan 2015 12:59:47 +0100
Subject: [PATCH] Bug 1115776 - Fix LApplyArgsGeneric to always emit the
has-script check. r=shu, a=sledru
---
js/src/jit/CodeGenerator.cpp | 24 ++++++++----------------
1 file changed, 8 insertions(+), 16 deletions(-)
diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp
index ba14f86..0669692 100644
--- a/js/src/jit/CodeGenerator.cpp
+++ b/js/src/jit/CodeGenerator.cpp
@@ -2448,27 +2448,19 @@ CodeGenerator::visitApplyArgsGeneric(LApplyArgsGeneric *apply)
masm.checkStackAlignment();
- // If the function is known to be uncompilable, only emit the call to InvokeFunction.
+ // If the function is native, only emit the call to InvokeFunction.
ExecutionMode executionMode = gen->info().executionMode();
- if (apply->hasSingleTarget()) {
- JSFunction *target = apply->getSingleTarget();
- if (target->isNative()) {
- if (!emitCallInvokeFunction(apply, copyreg))
- return false;
- emitPopArguments(apply, copyreg);
- return true;
- }
+ if (apply->hasSingleTarget() && apply->getSingleTarget()->isNative()) {
+ if (!emitCallInvokeFunction(apply, copyreg))
+ return false;
+ emitPopArguments(apply, copyreg);
+ return true;
}
Label end, invoke;
- // Guard that calleereg is an interpreted function with a JSScript:
- if (!apply->hasSingleTarget()) {
- masm.branchIfFunctionHasNoScript(calleereg, &invoke);
- } else {
- // Native single targets are handled by LCallNative.
- JS_ASSERT(!apply->getSingleTarget()->isNative());
- }
+ // Guard that calleereg is an interpreted function with a JSScript.
+ masm.branchIfFunctionHasNoScript(calleereg, &invoke);
// Knowing that calleereg is a non-native function, load the JSScript.
masm.loadPtr(Address(calleereg, JSFunction::offsetOfNativeOrScript()), objreg);
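Review bot: The unconditionally emitted `masm.branchIfFunctionHasNoScript(calleereg, &invoke);` now carries the invariant the whole load below depends on, but its comment still reads like a description of the old special case and nothing explains why a known non-native single target can no longer be assumed to have a JSScript. I would replace the comment with `// Guard that calleereg is an interpreted function with a JSScript. This is emitted even for a known single target: being non-native at compile time does not guarantee a script is present when this code runs, so the loadPtr below must never assume one.` The exact reason the single-target assumption broke is not visible in this hunk, so confirm the wording against bug 1115776 before landing. The dropped `JS_ASSERT(!apply->getSingleTarget()->isNative())` is subsumed by the early `isNative()` return above it, so no debug check is lost. visitApplyArgsGeneric begins before and continues past this hunk, including the `invoke` slow path the branch targets.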
--
2.2.1