Chromium Code Reviews
Unified Diff: runtime/vm/simulator_dbc.cc

Issue 2549743002: VM: Fix DBC out-of-bounds load from Uint32List. (Closed)
Patch Set: Created 4 years ago
Index: runtime/vm/simulator_dbc.cc
diff --git a/runtime/vm/simulator_dbc.cc b/runtime/vm/simulator_dbc.cc
index 8febf13468918bb2fb8946a1becdc1b78815e38e..cf3ebff1ee92402d1009d065f96a911a5b94650b 100644
--- a/runtime/vm/simulator_dbc.cc
+++ b/runtime/vm/simulator_dbc.cc
@@ -3499,14 +3499,16 @@ RawObject* Simulator::Call(const Code& code,
{
BYTECODE(LoadIndexedUint32, A_B_C);
uint8_t* data = SimulatorHelpers::GetTypedData(FP[rB], FP[rC]);
- FP[rA] = reinterpret_cast<RawObject*>(*reinterpret_cast<uintptr_t*>(data));
+ uint32_t value = *reinterpret_cast<uint32_t*>(data);
zra 2016/12/02 05:07:53 const
Florian Schneider 2016/12/02 18:35:01 Can haz const.
+ FP[rA] = reinterpret_cast<RawObject*>(value);
DISPATCH();
}
{
BYTECODE(LoadIndexedInt32, A_B_C);
uint8_t* data = SimulatorHelpers::GetTypedData(FP[rB], FP[rC]);
- FP[rA] = reinterpret_cast<RawObject*>(*reinterpret_cast<intptr_t*>(data));
+ int32_t value = *reinterpret_cast<int32_t*>(data);
zra 2016/12/02 05:07:52 const
Florian Schneider 2016/12/02 18:35:01 Ditto.
+ FP[rA] = reinterpret_cast<RawObject*>(value);
DISPATCH();
}
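Review bot: Make the two new locals `const` as already requested inline (`const uint32_t value = *reinterpret_cast<uint32_t*>(data);` and `const int32_t value = *reinterpret_cast<int32_t*>(data);`), and consider making the widening explicit in the second line of each pair, e.g. `FP[rA] = reinterpret_cast<RawObject*>(static_cast<intptr_t>(value));` for the Int32 case and `static_cast<uintptr_t>` for the Uint32 case, since converting a 32-bit integer straight to a pointer with `reinterpret_cast` leaves the sign- versus zero-extension implicit. The narrowed loads themselves are the right fix: the removed lines dereferenced a `uintptr_t*` / `intptr_t*` over a 4-byte element, which on 64-bit targets reads 4 bytes beyond the element and, for the last element of the list, beyond the end of the typed data buffer, while the new lines read exactly `sizeof(uint32_t)` bytes.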