Bug 973874: Ensure that all offsets that we take into the assembly buffer are created by the instruction we want to branch to (r=dougc)

2024-09-13 09:24:08 -07:00 · 2014-03-07 11:25:38 -05:00 · 2014-03-07 11:25:38 -05:00 · e46b48be79
commit e46b48be79
parent 9ae1e88b2d
2 changed files with 2 additions and 4 deletions
--- a/js/src/jit/arm/Assembler-arm.cpp
+++ b/js/src/jit/arm/Assembler-arm.cpp
@ -1704,7 +1704,6 @@ BufferOffset
 Assembler::as_BranchPool(uint32_t value, RepatchLabel *label, ARMBuffer::PoolEntry *pe, Condition c)
 {
    PoolHintPun php;
-    BufferOffset next = nextOffset();
    php.phd.init(0, c, PoolHintData::poolBranch, pc);
    m_buffer.markNextAsBranch();
    BufferOffset ret = m_buffer.insertEntry(4, (uint8_t*)&php.raw, int32Pool, (uint8_t*)&value, pe);
@ -1712,9 +1711,9 @@ Assembler::as_BranchPool(uint32_t value, RepatchLabel *label, ARMBuffer::PoolEnt
    // a correct branch.
    if (label->bound()) {
        BufferOffset dest(label);
-        as_b(dest.diffB<BOffImm>(next), c, next);
+        as_b(dest.diffB<BOffImm>(ret), c, ret);
    } else {
-        label->use(next.getOffset());
+        label->use(ret.getOffset());
    }
    return ret;
 }
--- a/js/src/jit/arm/MacroAssembler-arm.cpp
+++ b/js/src/jit/arm/MacroAssembler-arm.cpp
@ -4204,7 +4204,6 @@ MacroAssemblerARMCompat::jumpWithPatch(RepatchLabel *label, Condition cond)
 {
    ARMBuffer::PoolEntry pe;
    BufferOffset bo = as_BranchPool(0xdeadbeef, label, &pe, cond);
-
    // Fill in a new CodeOffset with both the load and the
    // pool entry that the instruction loads from.
    CodeOffsetJump ret(bo.getOffset(), pe.encode());