Chromium Code Reviews

Unified Diff: runtime/vm/simulator_dbc.cc

Issue 2549743002: VM: Fix DBC out-of-bounds load from Uint32List. (Closed)
Patch Set: add const Created 4 years ago
Index: runtime/vm/simulator_dbc.cc
diff --git a/runtime/vm/simulator_dbc.cc b/runtime/vm/simulator_dbc.cc
index 8febf13468918bb2fb8946a1becdc1b78815e38e..8ff437a60b2a10c242e79906444104c4581f551c 100644
--- a/runtime/vm/simulator_dbc.cc
+++ b/runtime/vm/simulator_dbc.cc
@@ -3498,15 +3498,17 @@ RawObject* Simulator::Call(const Code& code,
{
BYTECODE(LoadIndexedUint32, A_B_C);
- uint8_t* data = SimulatorHelpers::GetTypedData(FP[rB], FP[rC]);
- FP[rA] = reinterpret_cast<RawObject*>(*reinterpret_cast<uintptr_t*>(data));
+ const uint8_t* data = SimulatorHelpers::GetTypedData(FP[rB], FP[rC]);
+ const uint32_t value = *reinterpret_cast<const uint32_t*>(data);
+ FP[rA] = reinterpret_cast<RawObject*>(value);
DISPATCH();
}
{
BYTECODE(LoadIndexedInt32, A_B_C);
- uint8_t* data = SimulatorHelpers::GetTypedData(FP[rB], FP[rC]);
- FP[rA] = reinterpret_cast<RawObject*>(*reinterpret_cast<intptr_t*>(data));
+ const uint8_t* data = SimulatorHelpers::GetTypedData(FP[rB], FP[rC]);
+ const int32_t value = *reinterpret_cast<const int32_t*>(data);
+ FP[rA] = reinterpret_cast<RawObject*>(value);
DISPATCH();
}
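Review bot: in the LoadIndexedInt32 block, `reinterpret_cast<RawObject*>(value)` widens a signed `int32_t` straight to a pointer-sized value, and whether a negative `value` is sign-extended in that conversion is implementation-defined; consider making the intent explicit by going through `static_cast<intptr_t>(value)` before the pointer cast (the Uint32 block needs no such step, since a `uint32_t` is zero-extended unambiguously). The narrower load is the right fix for the issue in the title: the old `*reinterpret_cast<uintptr_t*>(data)` read a full pointer-sized word (8 bytes on 64-bit targets) from a 4-byte element, so for the last element of a Uint32List it read past the end of the backing store and, for any element, merged the neighbouring element's bits into the result.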
