Closed
Bug 1401191
Opened 7 years ago
Closed 7 years ago
Initialize MoveOp::endCycleType_ to silence UBSan warning
Categories
(Core :: JavaScript Engine: JIT, enhancement, P2)
Tracking
()
RESOLVED
FIXED
mozilla58
People
(Reporter: anba, Assigned: anba)
References
(Blocks 1 open bug)
Details
Attachments (1 file)
(deleted), patch | nbp: review+
MoveOp::endCycleType_ is not initialized in the constructor, so when we copy MoveOps in http://searchfox.org/mozilla-central/rev/1c13d5cf85f904afb8976c02a80daa252b893fca/js/src/jit/MoveResolver.cpp#310,326,346 , we may end up accessing an initialized MoveOp::endCycleType_.
Comment 1•7 years ago (Assignee)
I haven't tested this (except for a small C++ standalone program to ensure uninitialized members can cause UBSan errors when copied in default copy-constructors), but it seems that this caused the UBSan error mentioned in the log in bug 1367146.
Attachment #8909784 - Flags: review?(nicolas.b.pierron)
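A standalone check of the kind comment 1 mentions, written here as an added example (not the reporter's program and not the attached patch). `MoveOpBefore` and `MoveOpAfter` are simplified stand-ins for `MoveOp`; the enumerators, the `GENERAL` initial value and the `DEMO_UNINIT` switch are assumptions.

```cpp
// Build (assumed): clang++ -std=c++14 -fsanitize=undefined demo.cpp
// Add -DDEMO_UNINIT to exercise the uninitialized variant under UBSan.
#include <cstdio>
#include <cstring>

// Simplified stand-in for MoveOp; enumerators and layout are assumptions.
enum Type { GENERAL, INT32, FLOAT32, DOUBLE };

struct MoveOpBefore {              // "before": constructor skips endCycleType_
    Type type_;
    Type endCycleType_;
    explicit MoveOpBefore(Type t) : type_(t) {}
};

struct MoveOpAfter {               // "after": every member defined before any copy
    Type type_;
    Type endCycleType_;
    explicit MoveOpAfter(Type t) : type_(t), endCycleType_(GENERAL) {}
};

// Range test in the spirit of -fsanitize=enum: an enum without a fixed
// underlying type may only hold values that fit its enumerators' bits (0..3).
bool inEnumRange(unsigned raw) { return raw <= static_cast<unsigned>(DOUBLE); }

// Copy through the implicit copy constructor, then read the copied member's
// bytes with memcpy so the inspection itself is not an enum-typed load.
template <typename Op>
unsigned rawEndCycleTypeAfterCopy(const Op& src) {
    static_assert(sizeof(Type) == sizeof(unsigned), "assumes enum sized like unsigned");
    Op copy(src);                  // the copy that touches src.endCycleType_
    unsigned raw = 0;
    std::memcpy(&raw, &copy.endCycleType_, sizeof raw);
    return raw;
}

int main() {
    unsigned fixed = rawEndCycleTypeAfterCopy(MoveOpAfter(INT32));
    std::printf("after:  raw=%u inRange=%d\n", fixed, inEnumRange(fixed));
#ifdef DEMO_UNINIT
    // Indeterminate member: the value, and whether UBSan reports, varies by build.
    unsigned garbage = rawEndCycleTypeAfterCopy(MoveOpBefore(INT32));
    std::printf("before: raw=%u inRange=%d\n", garbage, inEnumRange(garbage));
#endif
    return 0;
}
```

The default build only runs the initialized variant, so it is free of undefined behaviour; the `DEMO_UNINIT` path is there to compare sanitizer output between the two structs.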
Updated•7 years ago
Attachment #8909784 - Flags: review?(nicolas.b.pierron) → review+
Updated•7 years ago
Priority: -- → P2
Comment 2•7 years ago (Assignee)
Try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=870329d65fc96d37befc13269ffca15d95693ef1
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/7f85cf90d6f9
Initialize MoveOp::endCycleType_ to silence UBSan warning. r=nbp
Keywords: checkin-needed
Comment 4•7 years ago
bugherder
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox58: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla58
Updated•7 years ago