
Side by Side Diff: runtime/vm/simulator_dbc.cc

Issue 2549743002: VM: Fix DBC out-of-bounds load from Uint32List. (Closed)
Patch Set: add const Created 4 years ago
1 // Copyright (c) 2016, the Dart project authors. Please see the AUTHORS file 1 // Copyright (c) 2016, the Dart project authors. Please see the AUTHORS file
2 // for details. All rights reserved. Use of this source code is governed by a 2 // for details. All rights reserved. Use of this source code is governed by a
3 // BSD-style license that can be found in the LICENSE file. 3 // BSD-style license that can be found in the LICENSE file.
4 4
5 #include <setjmp.h> // NOLINT 5 #include <setjmp.h> // NOLINT
6 #include <stdlib.h> 6 #include <stdlib.h>
7 7
8 #include "vm/globals.h" 8 #include "vm/globals.h"
9 #if defined(TARGET_ARCH_DBC) 9 #if defined(TARGET_ARCH_DBC)
10 10
3491 3491
3492 { 3492 {
3493 BYTECODE(LoadIndexedInt8, A_B_C); 3493 BYTECODE(LoadIndexedInt8, A_B_C);
3494 uint8_t* data = SimulatorHelpers::GetTypedData(FP[rB], FP[rC]); 3494 uint8_t* data = SimulatorHelpers::GetTypedData(FP[rB], FP[rC]);
3495 FP[rA] = Smi::New(*reinterpret_cast<int8_t*>(data)); 3495 FP[rA] = Smi::New(*reinterpret_cast<int8_t*>(data));
3496 DISPATCH(); 3496 DISPATCH();
3497 } 3497 }
3498 3498
3499 { 3499 {
3500 BYTECODE(LoadIndexedUint32, A_B_C); 3500 BYTECODE(LoadIndexedUint32, A_B_C);
3501 uint8_t* data = SimulatorHelpers::GetTypedData(FP[rB], FP[rC]); 3501 const uint8_t* data = SimulatorHelpers::GetTypedData(FP[rB], FP[rC]);
3502 FP[rA] = reinterpret_cast<RawObject*>(*reinterpret_cast<uintptr_t*>(data)); 3502 const uint32_t value = *reinterpret_cast<const uint32_t*>(data);
3503 FP[rA] = reinterpret_cast<RawObject*>(value);
3503 DISPATCH(); 3504 DISPATCH();
3504 } 3505 }
3505 3506
3506 { 3507 {
3507 BYTECODE(LoadIndexedInt32, A_B_C); 3508 BYTECODE(LoadIndexedInt32, A_B_C);
3508 uint8_t* data = SimulatorHelpers::GetTypedData(FP[rB], FP[rC]); 3509 const uint8_t* data = SimulatorHelpers::GetTypedData(FP[rB], FP[rC]);
3509 FP[rA] = reinterpret_cast<RawObject*>(*reinterpret_cast<intptr_t*>(data)); 3510 const int32_t value = *reinterpret_cast<const int32_t*>(data);
3511 FP[rA] = reinterpret_cast<RawObject*>(value);
3510 DISPATCH(); 3512 DISPATCH();
3511 } 3513 }
3512 3514
3513 { 3515 {
3514 BYTECODE(LoadIndexedExternalUint8, A_B_C); 3516 BYTECODE(LoadIndexedExternalUint8, A_B_C);
3515 uint8_t* data = reinterpret_cast<uint8_t*>(FP[rB]); 3517 uint8_t* data = reinterpret_cast<uint8_t*>(FP[rB]);
3516 RawSmi* index = RAW_CAST(Smi, FP[rC]); 3518 RawSmi* index = RAW_CAST(Smi, FP[rC]);
3517 FP[rA] = Smi::New(data[Smi::Value(index)]); 3519 FP[rA] = Smi::New(data[Smi::Value(index)]);
3518 DISPATCH(); 3520 DISPATCH();
3519 } 3521 }
3727 pc_ = pc; 3729 pc_ = pc;
3728 } 3730 }
3729 3731
3730 buf->Longjmp(); 3732 buf->Longjmp();
3731 UNREACHABLE(); 3733 UNREACHABLE();
3732 } 3734 }
3733 3735
3734 } // namespace dart 3736 } // namespace dart
3735 3737
3736 #endif // defined TARGET_ARCH_DBC 3738 #endif // defined TARGET_ARCH_DBC
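Review bot: The new 32-bit loads in LoadIndexedUint32 and LoadIndexedInt32 now read exactly one element instead of a full word, but the following `FP[rA] = reinterpret_cast<RawObject*>(value);` widens the two cases differently on a 64-bit target: the `uint32_t` is zero-extended while the `int32_t` is sign-extended to the pointer width, and nothing in the hunk says that this asymmetry is intended for whatever unboxed representation these FP slots hold. A one-line comment above each cast, e.g. `// Unboxed 32-bit value widened to word size (zero-extended here, sign-extended for Int32); not a Smi.`, would make the contract explicit for the next reader. The dereference through `reinterpret_cast<const uint32_t*>(data)` also assumes `data` is 4-byte aligned; presumably GetTypedData returns an element-aligned pointer (not verifiable from this hunk), and if that is ever not guaranteed a `memcpy(&value, data, sizeof(value))` would make the load alignment-independent. As a style point, the neighbouring LoadIndexedInt8 handler still declares `data` non-const, so the `const` added here is applied inconsistently across adjacent handlers. The enclosing interpreter function starts and ends outside the hunk.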