Title: [111448] branches/safari-534.55-branch/Source/_javascript_Core

Diff

Modified: branches/safari-534.55-branch/Source/_javascript_Core/ChangeLog (111447 => 111448)


--- branches/safari-534.55-branch/Source/_javascript_Core/ChangeLog	2012-03-20 22:05:10 UTC (rev 111447)
+++ branches/safari-534.55-branch/Source/_javascript_Core/ChangeLog	2012-03-20 22:07:57 UTC (rev 111448)
@@ -1,3 +1,20 @@
+2012-03-20  Lucas Forschler  <[email protected]>
+
+    Merge 107647
+
+    2012-02-13  Oliver Hunt  <[email protected]>
+
+            Executing out of bounds in JSC::Yarr::YarrCodeBlock::execute / JSC::RegExp::match
+            https://bugs.webkit.org/show_bug.cgi?id=76315
+
+            Reviewed by Gavin Barraclough.
+
+            Perform a 3 byte compare using two comparisons, rather than trying to perform the
+            operation with a four byte load.
+
+            * yarr/YarrJIT.cpp:
+            (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
+
 2012-03-19  Lucas Forschler  <[email protected]>
 
     Merge 111162

Modified: branches/safari-534.55-branch/Source/_javascript_Core/yarr/YarrJIT.cpp (111447 => 111448)


--- branches/safari-534.55-branch/Source/_javascript_Core/yarr/YarrJIT.cpp	2012-03-20 22:05:10 UTC (rev 111447)
+++ branches/safari-534.55-branch/Source/_javascript_Core/yarr/YarrJIT.cpp	2012-03-20 22:07:57 UTC (rev 111448)
@@ -728,10 +728,13 @@
                 break;
             }
             case 3: {
-                BaseIndex address(input, index, TimesOne, (startTermPosition - m_checked) * sizeof(LChar));
-                load32WithUnalignedHalfWords(address, character);
-                and32(Imm32(0xffffff), character);
-                break;
+                BaseIndex highAddress(input, index, TimesOne, (startTermPosition - m_checked) * sizeof(LChar));
+                load16(highAddress, character);
+                if (ignoreCaseMask)
+                    or32(Imm32(ignoreCaseMask), character);
+                op.m_jumps.append(branch32(NotEqual, character, Imm32((allCharacters & 0xffff) | ignoreCaseMask)));
+                op.m_jumps.append(jumpIfCharNotEquals(allCharacters >> 16, startTermPosition + 2 - m_checked, character));
+                return;
             }
             case 4: {
                 BaseIndex address(input, index, TimesOne, (startTermPosition - m_checked) * sizeof(LChar));
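Review bot: The `load16(highAddress, character)` in the new `case 3` reads two LChars from a byte-granular offset, so the address can be odd. The `load32WithUnalignedHalfWords` it replaces tolerated unaligned access by name, while plain `load16` makes no such promise. If this branch's MacroAssembler has an unaligned halfword load (later trees have `load16Unaligned`), it would be the safer call on targets that require aligned 16-bit loads. The case also needs a comment so the split is not later folded back into one wide load, for example `// Three LChars: compare the first two with a 16-bit load and the third on its own; a 32-bit load would read one byte past the characters being matched.` The early `return` where the neighbouring case uses `break` skips whatever follows the switch in generatePatternCharacterOnce, whose body starts and ends outside this hunk, so a brief note that both mismatch jumps are already appended to `op.m_jumps` would help.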