Changeset 116455 in webkit


Timestamp:
May 8, 2012, 2:52:11 PM (13 years ago)
Author:
[email protected]
Message:

SIGFPE on divide in classic interpreter
https://bugs.webkit.org/show_bug.cgi?id=85917

Rubber stamped by Oliver Hunt.

  • interpreter/Interpreter.cpp:

(JSC::Interpreter::privateExecute):

  • check for divisor of -1.
Location:
trunk/Source/JavaScriptCore
Files:
2 edited

  • trunk/Source/JavaScriptCore/ChangeLog

    r116372 r116455  
     12012-05-08  Gavin Barraclough  <[email protected]>
     2
     3        SIGFPE on divide in classic interpreter
     4        https://bugs.webkit.org/show_bug.cgi?id=85917
     5
     6        Rubber stamped by Oliver Hunt.
     7
     8        * interpreter/Interpreter.cpp:
     9        (JSC::Interpreter::privateExecute):
     10            - check for divisor of -1.
     11
    1122012-05-07  Oliver Hunt  <[email protected]>
    213
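
Review bot: The entry title says "SIGFPE on divide", but the only code change in this changeset is to the `%` expression in privateExecute, and "check for divisor of -1" does not say which operation gets the check or why -1 is a problem. Suggest naming the modulo path and the overflowing case in the entry. The entry also lists only interpreter/Interpreter.cpp, so no regression test accompanies the fix; a test that exercises a divisor of -1 would keep the crash from returning.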
  • trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp

    r115861 r116455  
    24492449        JSValue divisor = callFrame->r(vPC[3].u.operand).jsValue();
    24502450
    2451         if (dividend.isInt32() && divisor.isInt32() && divisor.asInt32() != 0) {
     2451        if (dividend.isInt32() && divisor.isInt32() && divisor.asInt32() != 0 && divisor.asInt32() != -1) {
    24522452            JSValue result = jsNumber(dividend.asInt32() % divisor.asInt32());
    24532453            ASSERT(result);
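
Review bot: The new `divisor.asInt32() != -1` term at line 2451 carries no comment, and nothing in the condition tells a reader which case it guards against. The only int32 dividend for which a divisor of -1 overflows is INT_MIN, so a one-line comment above the `if` stating that would make the intent clear. As written, the check also moves every `x % -1` off the int32 fast path, not just a dividend of INT_MIN; if that is a deliberate simplification, say so in the comment, otherwise test the dividend against INT_MIN together with the divisor.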