Bug 975182 - OdinMonkey: when triggering operation callback, leave PROT_READ|PROT_WRITE (r=benj)

2024-09-13 09:24:08 -07:00 · 2014-02-21 11:05:36 -06:00 · 2014-02-21 11:05:36 -06:00 · 9bb539a959
commit 9bb539a959
parent 4eed36705e
2 changed files with 20 additions and 2 deletions
--- a/js/src/jit-test/tests/asm.js/testBug975182.js
+++ b/js/src/jit-test/tests/asm.js/testBug975182.js
@ -0,0 +1,18 @@
+Function("\
+    g = (function(t,foreign){\
+        \"use asm\";\
+        var ff = foreign.ff;\
+        function f() {\
+            +ff()\
+        }\
+        return f\
+    })(this, {\
+        ff: arguments.callee\
+    }, ArrayBuffer(4096))\
+")()
+function m(f) {
+    for (var j = 0; j < 6000; ++j) {
+        f();
+    }
+}
+m(g);
--- a/js/src/jit/AsmJSSignalHandlers.cpp
+++ b/js/src/jit/AsmJSSignalHandlers.cpp
@ -1031,10 +1031,10 @@ js::TriggerOperationCallbackForAsmJSCode(JSRuntime *rt)

 #if defined(XP_WIN)
    DWORD oldProtect;
-    if (!VirtualProtect(module.codeBase(), module.functionBytes(), PAGE_NOACCESS, &oldProtect))
+    if (!VirtualProtect(module.codeBase(), module.functionBytes(), PAGE_READWRITE, &oldProtect))
        MOZ_CRASH();
 #else  // assume Unix
-    if (mprotect(module.codeBase(), module.functionBytes(), PROT_NONE))
+    if (mprotect(module.codeBase(), module.functionBytes(), PROT_READ|PROT_WRITE))
        MOZ_CRASH();
 #endif
 }