gecko-dev/xpcom/reflect/xptcall
Laszlo Ersek b3ba117711 Bug 1304962 - fix argument processing in AARCH64 xptcall; r=froydnj
The invoke_copy_to_stack() function passes incorrect "stack_args" and
"end" arguments to the alloc_word() utility function, for parameter types
T_I8..T_I64, T_U8..T_U64, T_BOOL, T_CHAR and T_WCHAR.

Namely, the "end" input parameter of invoke_copy_to_stack(), which is
currently incorrectly passed as "end" to alloc_word(), points to the very
end of the entire exchange area between _NS_InvokeByIndex() and
invoke_copy_to_stack(). However, alloc_word()'s "end" parameter should
point to the end of the "ireg" (integer registers) sub-area of the
exchange area. That is, "ireg_end" should be passed to alloc_word() as
"end".

Because invoke_copy_to_stack()'s "end" input parameter is strictly greater
than "ireg_end", alloc_word() will happily trample over the "freg"
(floating point registers) area, on the above-mentioned type branches,
given a large enough "paramCount".

Similarly, as second argument, "stack_args" should be passed to
alloc_word(), pointing to the next available stack slot, for spilled-over
arguments. Passing "stk", which initially points to the base of the entire
exchange area (and hence the base of the "ireg" area) makes no sense.

The two other alloc_word() calls in the function are correct. So
centralize all calls to alloc_word() to a single location -- thereby
ending up with a sole call site per alloc_XXX() function --, and compute
only the last argument, "word", conditionally.

This fixes an obscure SIGSEGV in AARCH64 Firefox. Triggering the bug
requires a target function with seven integer-like parameters (not
counting the implicit "this" -- aka "that" -- parameter), followed by at
least one parameter of the above buggy types. nsIOService::NewChannel2()
is such a target function, for example.

DONTBUILD because NPTOB
2016-09-24 06:36:16 +02:00
md Bug 1304962 - fix argument processing in AARCH64 xptcall; r=froydnj 2016-09-24 06:36:16 +02:00
tests Bug 1286877 - do not set c-basic-offset for python-mode; r=gps 2016-07-14 10:16:42 -06:00
README
genstubs.pl Bug 1028557 - Part 2: Flatten xpcom/reflect/xptcall/{public,src}/ directories. r=bsmedberg 2014-06-30 08:39:46 -07:00
moz.build Bug 1286877 - do not set c-basic-offset for python-mode; r=gps 2016-07-14 10:16:42 -06:00
porting.html Bug 1028557 - Part 2: Flatten xpcom/reflect/xptcall/{public,src}/ directories. r=bsmedberg 2014-06-30 08:39:46 -07:00
status.html Bug 1028557 - Part 2: Flatten xpcom/reflect/xptcall/{public,src}/ directories. r=bsmedberg 2014-06-30 08:39:46 -07:00
xptcall.cpp Bug 1189423 - part 2 - Remove superfluous |new| result check. r=froydnj 2015-07-30 15:06:00 +02:00
xptcall.h Bug 1052626, part 2 - Report the total size of nsXPCWrappedJS. r=bholley,froydnj 2014-08-25 12:34:00 -07:00
xptcprivate.h Bug 1189423 - part 1 - Add MOZ_COUNT_CTOR/DTOR for nsXPTCStubBase. r=froydnj 2015-08-04 14:30:00 +02:00
xptcstubsdecl.inc Bug 1028557 - Part 2: Flatten xpcom/reflect/xptcall/{public,src}/ directories. r=bsmedberg 2014-06-30 08:39:46 -07:00
xptcstubsdef.inc Bug 1028557 - Part 2: Flatten xpcom/reflect/xptcall/{public,src}/ directories. r=bsmedberg 2014-06-30 08:39:46 -07:00

README

see:

http://www.mozilla.org/scriptable/xptcall-faq.html
and
http://lxr.mozilla.org/mozilla/source/xpcom/reflect/xptcall/porting.html