Issue 825403002: [turbofan] Fix invalid bounds check with overflowing offset.

Issue 825403002: [turbofan] Fix invalid bounds check with overflowing offset. (Closed)

Created:
5 years, 12 months ago by Benedikt Meurer

Modified:
5 years, 11 months ago

Reviewers:
Igor Sheludko, dcarney, Jarin, Michael Achenbach

CC:
v8-dev, danno

Base URL:
https://chromium.googlesource.com/v8/v8.git@master

Project:
v8

Visibility:
Public.

[turbofan] Fix invalid bounds check with overflowing offset. TEST=mjsunit/compiler/regress-445267 BUG=chromium:445267 LOG=y Committed: https://crrev.com/ef41f7068457bec8988732ce489f141ae67ad425 Cr-Commit-Position: refs/heads/master@{#25945}

Created: 5 years, 12 months ago

Download [raw] [tar.bz2]

		Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+9 lines, -7 lines)			Patch
	M	src/compiler/x64/instruction-selector-x64.cc	View		2 chunks	+2 lines, -0 lines	0 comments	Download
	A +	test/mjsunit/compiler/regress-445267.js	View		1 chunk	+7 lines, -7 lines	0 comments	Download

Total messages: 9 (3 generated)

Benedikt Meurer

Negative offset (large positive int32 overflow) generates invalid bounds checking code and thereby invalid access ...

5 years, 12 months ago (2014-12-28 19:39:57 UTC) #2

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/825403002/1

5 years, 11 months ago (2014-12-29 09:36:42 UTC) #7

commit-bot: I haz the power

5 years, 11 months ago (2014-12-29 10:01:23 UTC) #9

Message was sent while issue was closed.

Patchset 1 (id:??) landed as
https://crrev.com/ef41f7068457bec8988732ce489f141ae67ad425
Cr-Commit-Position: refs/heads/master@{#25945}