Timestamp:
May 8, 2012, 2:52:11 PM (13 years ago)
Author:
[email protected]
Message:

SIGFPE on divide in classic interpreter
https://bugs.webkit.org/show_bug.cgi?id=85917

Rubber stamped by Oliver Hunt.

  • interpreter/Interpreter.cpp:

(JSC::Interpreter::privateExecute):

  • check for divisor of -1.
File:
1 edited

  • trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp

    r115861 r116455  
    24492449        JSValue divisor = callFrame->r(vPC[3].u.operand).jsValue();
    24502450
    2451         if (dividend.isInt32() && divisor.isInt32() && divisor.asInt32() != 0) {
     2451        if (dividend.isInt32() && divisor.isInt32() && divisor.asInt32() != 0 && divisor.asInt32() != -1) {
    24522452            JSValue result = jsNumber(dividend.asInt32() % divisor.asInt32());
    24532453            ASSERT(result);
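
Review bot: The added `divisor.asInt32() != -1` test on line 2451 has no comment saying why -1 is excluded, and it is broader than the case that actually faults. Integer `%` is undefined in C++ and raises SIGFPE on x86 only when the dividend is INT_MIN and the divisor is -1, so a one-line comment naming that pair would keep a later cleanup from removing the check as redundant. As written, every `x % -1` with int32 operands now skips the fast path; that is safe, but if the fast path matters here the condition could reject only the INT_MIN and -1 pair instead. The changeset lists a single edited file, Interpreter.cpp, so a regression test that takes the modulo of an INT_MIN dividend by -1 in the classic interpreter should be added alongside it.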