Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-16 23:05:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 606423 - Guard against invalid index when unblacklisting (r=dmandelin,a=blocker)

Browse Source
This commit is contained in:
Bill McCloskey 2010-12-30 16:23:36 -08:00
parent 6835981036
commit eeda171c78
3 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
js/src/methodjit/Compiler.cpp
View File

@ -597,6 +597,7 @@ mjit::Compiler::finishThisUp(JITScript **jitp)
if (ic::TraceICInfo *scriptTICs = jit->traceICs) {
for (size_t i = 0; i < traceICs.length(); i++) {
scriptTICs[i].initialized = traceICs[i].initialized;
if (!traceICs[i].initialized)
continue;

7
js/src/methodjit/InvokeHelpers.cpp
View File

@ -896,9 +896,12 @@ DisableTraceHint(VMFrame &f, ic::TraceICInfo &tic)
static void
EnableTraceHintAt(JSScript *script, js::mjit::JITScript *jit, jsbytecode *pc, uint16_t index)
{
JS_ASSERT(index < jit->nTraceICs);
if (index >= jit->nTraceICs)
return;
ic::TraceICInfo &tic = jit->traceICs[index];
if (!tic.initialized)
return;
JS_ASSERT(tic.jumpTargetPC == pc);
JaegerSpew(JSpew_PICs, "Enabling trace IC %u in script %p\n", index, script);

1
js/src/methodjit/MonoIC.h
View File

@ -154,6 +154,7 @@ struct TraceICInfo {
void *traceData;
uintN traceEpoch;
bool initialized : 1;
bool hasSlowTraceHint : 1;
};