Title: [114448] branches/safari-534.57-branch/Source/_javascript_Core
Revision
114448
Author
lforsch...@apple.com
Date
2012-04-17 15:32:41 -0700 (Tue, 17 Apr 2012)

Log Message

Merged r107647.

Modified Paths

Diff

Modified: branches/safari-534.57-branch/Source/_javascript_Core/ChangeLog (114447 => 114448)


--- branches/safari-534.57-branch/Source/_javascript_Core/ChangeLog	2012-04-17 22:29:20 UTC (rev 114447)
+++ branches/safari-534.57-branch/Source/_javascript_Core/ChangeLog	2012-04-17 22:32:41 UTC (rev 114448)
@@ -1,5 +1,22 @@
 2012-04-17  Lucas Forschler  <lforsch...@apple.com>
 
+    Merge 107647
+
+    2012-02-13  Oliver Hunt  <oli...@apple.com>
+
+            Executing out of bounds in JSC::Yarr::YarrCodeBlock::execute / JSC::RegExp::match
+            https://bugs.webkit.org/show_bug.cgi?id=76315
+
+            Reviewed by Gavin Barraclough.
+
+            Perform a 3 byte compare using two comparisons, rather than trying to perform the
+            operation with a four byte load.
+
+            * yarr/YarrJIT.cpp:
+            (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
+
+2012-04-17  Lucas Forschler  <lforsch...@apple.com>
+
     Merge 112966
 
     2012-04-02  Oliver Hunt  <oli...@apple.com>

Modified: branches/safari-534.57-branch/Source/_javascript_Core/yarr/YarrJIT.cpp (114447 => 114448)


--- branches/safari-534.57-branch/Source/_javascript_Core/yarr/YarrJIT.cpp	2012-04-17 22:29:20 UTC (rev 114447)
+++ branches/safari-534.57-branch/Source/_javascript_Core/yarr/YarrJIT.cpp	2012-04-17 22:32:41 UTC (rev 114448)
@@ -728,10 +728,13 @@
                 break;
             }
             case 3: {
-                BaseIndex address(input, index, TimesOne, (startTermPosition - m_checked) * sizeof(LChar));
-                load32WithUnalignedHalfWords(address, character);
-                and32(Imm32(0xffffff), character);
-                break;
+                BaseIndex highAddress(input, index, TimesOne, (startTermPosition - m_checked) * sizeof(LChar));
+                load16(highAddress, character);
+                if (ignoreCaseMask)
+                    or32(Imm32(ignoreCaseMask), character);
+                op.m_jumps.append(branch32(NotEqual, character, Imm32((allCharacters & 0xffff) | ignoreCaseMask)));
+                op.m_jumps.append(jumpIfCharNotEquals(allCharacters >> 16, startTermPosition + 2 - m_checked, character));
+                return;
             }
             case 4: {
                 BaseIndex address(input, index, TimesOne, (startTermPosition - m_checked) * sizeof(LChar));
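Review bot: The new `case 3` carries no comment saying why it avoids a single 32-bit load, so a later cleanup could reintroduce the four-byte read that the ChangeLog ties to the out-of-bounds bug. I would add something like `// 3 chars: compare 2 + 1; a 4-byte load would touch a byte beyond the three characters being matched.` above the `load16`. The name `highAddress` is also misleading, because the address is that of the first two characters and the third is read separately at `startTermPosition + 2`. The 16-bit compare ORs the full `ignoreCaseMask` into both sides, which is correct only because any bits above 15 appear identically in both operands; `ignoreCaseMask & 0xffff` would make that explicit. The removed line used `load32WithUnalignedHalfWords`, so it may be worth confirming that plain `load16` on this byte-indexed address is safe on targets that require aligned halfword loads. The enclosing function starts and ends outside the hunk.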