path: root/gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch
From 4920c5c447d1153dffa623dd70d8b535b9ca6795 Mon Sep 17 00:00:00 2001
From: Jan de Mooij <jdemooij@mozilla.com>
Date: Mon, 26 Jan 2015 12:59:47 +0100
Subject: [PATCH] Bug 1115776 - Fix LApplyArgsGeneric to always emit the
 has-script check. r=shu, a=sledru

---
 js/src/jit/CodeGenerator.cpp | 24 ++++++++----------------
 1 file changed, 8 insertions(+), 16 deletions(-)

diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp
index ba14f86..0669692 100644
--- a/js/src/jit/CodeGenerator.cpp
+++ b/js/src/jit/CodeGenerator.cpp
@@ -2448,27 +2448,19 @@ CodeGenerator::visitApplyArgsGeneric(LApplyArgsGeneric *apply)
 
     masm.checkStackAlignment();
 
-    // If the function is known to be uncompilable, only emit the call to InvokeFunction.
+    // If the function is native, only emit the call to InvokeFunction.
     ExecutionMode executionMode = gen->info().executionMode();
-    if (apply->hasSingleTarget()) {
-        JSFunction *target = apply->getSingleTarget();
-        if (target->isNative()) {
-            if (!emitCallInvokeFunction(apply, copyreg))
-                return false;
-            emitPopArguments(apply, copyreg);
-            return true;
-        }
+    if (apply->hasSingleTarget() && apply->getSingleTarget()->isNative()) {
+        if (!emitCallInvokeFunction(apply, copyreg))
+            return false;
+        emitPopArguments(apply, copyreg);
+        return true;
     }
 
     Label end, invoke;
 
-    // Guard that calleereg is an interpreted function with a JSScript:
-    if (!apply->hasSingleTarget()) {
-        masm.branchIfFunctionHasNoScript(calleereg, &invoke);
-    } else {
-        // Native single targets are handled by LCallNative.
-        JS_ASSERT(!apply->getSingleTarget()->isNative());
-    }
+    // Guard that calleereg is an interpreted function with a JSScript.
+    masm.branchIfFunctionHasNoScript(calleereg, &invoke);
 
     // Knowing that calleereg is a non-native function, load the JSScript.
     masm.loadPtr(Address(calleereg, JSFunction::offsetOfNativeOrScript()), objreg);
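Review bot: The comment on the guard, `// Guard that calleereg is an interpreted function with a JSScript.`, does not record that the check is now intentionally unconditional, which is the whole point of this change; a later reader could reintroduce the removed `hasSingleTarget()` shortcut on the assumption that a known single target needs no runtime check. I would expand it to `// Guard that calleereg is an interpreted function with a JSScript. Emitted even when a single target is known (bug 1115776): only native single targets take the early return above, and script presence is checked at run time rather than asserted.` The comment above the early return, `// If the function is native, only emit the call to InvokeFunction.`, also reads more broadly than the condition it describes, which fires only for a known single target; `// If the single known target is native, only emit the call to InvokeFunction.` matches `apply->hasSingleTarget() && apply->getSingleTarget()->isNative()`. Replacing the debug-only JS_ASSERT with an emitted branch is the right direction, since the assertion gave no protection in release builds. visitApplyArgsGeneric begins and ends outside this hunk.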
-- 
2.2.1