Changeset 193648 in webkit for trunk/Source/JavaScriptCore/interpreter/JSStack.cpp

Timestamp:

Dec 7, 2015, 1:35:02 PM (10 years ago)

Author:

[email protected]

Message:

Crashes on PPC64 due to mprotect() on address not aligned to the page size
​https://bugs.webkit.org/show_bug.cgi?id=130237

Reviewed by Mark Lam.

Make sure that commitSize is at least as big as the page size.

• interpreter/JSStack.cpp:

(JSC::commitSize):
(JSC::JSStack::JSStack):
(JSC::JSStack::growSlowCase):

• interpreter/JSStack.h:

File:

• trunk/Source/JavaScriptCore/interpreter/JSStack.cpp (modified) (3 diffs)

trunk/Source/JavaScriptCore/interpreter/JSStack.cpp

@@ -41 +41 @@
 static size_t committedBytesCount = 0;
 
+static size_t commitSize()
+{
+    static size_t size = 0;
+    if (!size)
+        size = std::max(16 * 1024, getpagesize());
+    return size;
+}
+
 static StaticLock stackStatisticsMutex;
 #endif // !ENABLE(JIT)
@@ -56 +64 @@
     ASSERT(capacity && isPageAligned(capacity));
 
-    m_reservation = PageReservation::reserve(WTF::roundUpToMultipleOf(commitSize, capacity), OSAllocator::JSVMStackPages);
+    m_reservation = PageReservation::reserve(WTF::roundUpToMultipleOf(commitSize(), capacity), OSAllocator::JSVMStackPages);
     setStackLimit(highAddress());
     m_commitTop = highAddress();
@@ -90 +98 @@
     // return false.
     ptrdiff_t delta = reinterpret_cast<char*>(m_commitTop) - reinterpret_cast<char*>(newTopOfStackWithReservedZone);
-    delta = WTF::roundUpToMultipleOf(commitSize, delta);
+    delta = WTF::roundUpToMultipleOf(commitSize(), delta);
     Register* newCommitTop = m_commitTop - (delta / sizeof(Register));
     if (newCommitTop < reservationTop())