Title: [284623] trunk/Source/_javascript_Core
- Revision
- 284623
- Author
- msab...@apple.com
- Date
- 2021-10-21 10:54:48 -0700 (Thu, 21 Oct 2021)
Log Message
Add missing overflow check to DFGIntegerRangeOptimizationPhase::filterConstant()
https://bugs.webkit.org/show_bug.cgi?id=232058
Reviewed by Robin Morisset.
Added overflow check.
* dfg/DFGIntegerRangeOptimizationPhase.cpp:
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (284622 => 284623)
--- trunk/Source/_javascript_Core/ChangeLog 2021-10-21 17:40:23 UTC (rev 284622)
+++ trunk/Source/_javascript_Core/ChangeLog 2021-10-21 17:54:48 UTC (rev 284623)
@@ -1,3 +1,14 @@
+2021-10-21 Michael Saboff <msab...@apple.com>
+
+ Add missing overflow check to DFGIntegerRangeOptimizationPhase::filterConstant()
+ https://bugs.webkit.org/show_bug.cgi?id=232058
+
+ Reviewed by Robin Morisset.
+
+ Added overflow check.
+
+ * dfg/DFGIntegerRangeOptimizationPhase.cpp:
+
2021-10-20 Yusuke Suzuki <ysuz...@apple.com>
*IsSane API's could take in the Structure's we're consulting, or they can be out parameters, so we don't rely on the CPU's memory ordering
Modified: trunk/Source/_javascript_Core/dfg/DFGIntegerRangeOptimizationPhase.cpp (284622 => 284623)
--- trunk/Source/_javascript_Core/dfg/DFGIntegerRangeOptimizationPhase.cpp 2021-10-21 17:40:23 UTC (rev 284622)
+++ trunk/Source/_javascript_Core/dfg/DFGIntegerRangeOptimizationPhase.cpp 2021-10-21 17:54:48 UTC (rev 284623)
@@ -568,6 +568,9 @@
switch (other.m_kind) {
case Equal:
+ if (differenceOverflows<int>(otherEffectiveRight, thisRight))
+ return *this;
+
// Return a version of *this that is Equal to other's constant.
return Relationship(m_left, m_right, Equal, otherEffectiveRight - thisRight);
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
