Bug 1414852: Don't overflow offset from begin to untrusted wasm jit exit range; r=luke

MozReview-Commit-ID: 3RAq64ojenT

--HG--
extra : rebase_source : 3e279d2ce0fbcb91626dc9b7b3df2e90fec9f199

js/src/jit-test/tests/wasm/regress/nop-fill-jit-exit.js

@@ -0,0 +1,28 @@
+// |jit-test| --arm-asm-nop-fill=1
+//
+try {
+    enableSingleStepProfiling();
+    disableSingleStepProfiling();
+} catch (e) {
+    // Early quit on plateforms not supporting single step profiling.
+    quit();
+}
+
+load(libdir + "asm.js");
+
+var ffi = function(enable) {
+    enableGeckoProfiling();
+    enableSingleStepProfiling();
+}
+var f = asmLink(asmCompile('global', 'ffis',
+  USE_ASM + `
+    var ffi=ffis.ffi;
+    function f(i) {
+      i=i|0;
+      ffi(i|0);
+    } return f
+  `), null, {
+    ffi
+});
+f(0);
+f(+1);

js/src/wasm/WasmTypes.cpp

@@ -759,6 +759,8 @@ CodeRange::CodeRange(uint32_t funcIndex, JitExitOffsets offsets)
     u.funcIndex_ = funcIndex;
     u.jitExit.beginToUntrustedFPStart_ = offsets.untrustedFPStart - begin_;
     u.jitExit.beginToUntrustedFPEnd_ = offsets.untrustedFPEnd - begin_;
+    MOZ_ASSERT(jitExitUntrustedFPStart() == offsets.untrustedFPStart);
+    MOZ_ASSERT(jitExitUntrustedFPEnd() == offsets.untrustedFPEnd);
 }
 
 CodeRange::CodeRange(Trap trap, CallableOffsets offsets)

js/src/wasm/WasmTypes.h

@@ -1021,8 +1021,8 @@ class CodeRange
                     uint8_t beginToTierEntry_;
                 } func;
                 struct {
-                    uint8_t beginToUntrustedFPStart_;
-                    uint8_t beginToUntrustedFPEnd_;
+                    uint16_t beginToUntrustedFPStart_;
+                    uint16_t beginToUntrustedFPEnd_;
                 } jitExit;
             };
         };