Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-0836-pt-11.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0836-pt-11.patch104
1 files changed, 104 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-11.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-11.patch
new file mode 100644
index 0000000000..869feaf7c6
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2015-0836-pt-11.patch
@@ -0,0 +1,104 @@
+From 3f0f685829445ae82974d61f6017fdb67349c32b Mon Sep 17 00:00:00 2001
+From: Dan Gohman <sunfish@mozilla.com>
+Date: Fri, 9 Jan 2015 09:04:12 -0500
+Subject: [PATCH] Bug 1096138 - IonMonkey: Augment Nops with Mops to avoid
+ collisions with fixed live ranges. r=jandem, a=sledru
+
+---
+ js/src/jit/CodeGenerator.cpp | 6 ++++++
+ js/src/jit/CodeGenerator.h | 1 +
+ js/src/jit/LIR-Common.h | 6 ++++++
+ js/src/jit/LOpcodes.h | 1 +
+ js/src/jit/Lowering.cpp | 12 ++++++++++++
+ 5 files changed, 26 insertions(+)
+
+diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp
+index 4f07524..ba14f86 100644
+--- a/js/src/jit/CodeGenerator.cpp
++++ b/js/src/jit/CodeGenerator.cpp
+@@ -1077,6 +1077,12 @@ CodeGenerator::visitNop(LNop *lir)
+ }
+
+ bool
++CodeGenerator::visitMop(LMop *lir)
++{
++ return true;
++}
++
++bool
+ CodeGenerator::visitOsiPoint(LOsiPoint *lir)
+ {
+ // Note: markOsiPoint ensures enough space exists between the last
+diff --git a/js/src/jit/CodeGenerator.h b/js/src/jit/CodeGenerator.h
+index 03677a5..dce095d 100644
+--- a/js/src/jit/CodeGenerator.h
++++ b/js/src/jit/CodeGenerator.h
+@@ -58,6 +58,7 @@ class CodeGenerator : public CodeGeneratorSpecific
+
+ bool visitLabel(LLabel *lir);
+ bool visitNop(LNop *lir);
++ bool visitMop(LMop *lir);
+ bool visitOsiPoint(LOsiPoint *lir);
+ bool visitGoto(LGoto *lir);
+ bool visitTableSwitch(LTableSwitch *ins);
+diff --git a/js/src/jit/LIR-Common.h b/js/src/jit/LIR-Common.h
+index c90aef9..e7a0e4c 100644
+--- a/js/src/jit/LIR-Common.h
++++ b/js/src/jit/LIR-Common.h
+@@ -42,6 +42,12 @@ class LNop : public LInstructionHelper<0, 0, 0>
+ LIR_HEADER(Nop)
+ };
+
++class LMop : public LInstructionHelper<0, 0, 0>
++{
++ public:
++ LIR_HEADER(Mop)
++};
++
+ // An LOsiPoint captures a snapshot after a call and ensures enough space to
+ // patch in a call to the invalidation mechanism.
+ //
+diff --git a/js/src/jit/LOpcodes.h b/js/src/jit/LOpcodes.h
+index a32d64f..cd7eef8 100644
+--- a/js/src/jit/LOpcodes.h
++++ b/js/src/jit/LOpcodes.h
+@@ -10,6 +10,7 @@
+ #define LIR_COMMON_OPCODE_LIST(_) \
+ _(Label) \
+ _(Nop) \
++ _(Mop) \
+ _(OsiPoint) \
+ _(MoveGroup) \
+ _(Integer) \
+diff --git a/js/src/jit/Lowering.cpp b/js/src/jit/Lowering.cpp
+index d5f8227..48b7fa9 100644
+--- a/js/src/jit/Lowering.cpp
++++ b/js/src/jit/Lowering.cpp
+@@ -3616,12 +3616,24 @@ LIRGenerator::visitInstruction(MInstruction *ins)
+ ins->setInWorklistUnchecked();
+ #endif
+
++ // If we added a Nop for this instruction, we'll also add a Mop, so that
++ // that live-ranges for fixed register defs, which with LSRA extend through
++ // the Nop so that they can extend through the OsiPoint don't, with their
++ // one-extra extension, extend into a position where they use the input
++ // move group for the following instruction.
++ bool needsMop = !current->instructions().empty() && current->rbegin()->isNop();
++
+ // If no safepoint was created, there's no need for an OSI point.
+ if (LOsiPoint *osiPoint = popOsiPoint()) {
+ if (!add(osiPoint))
+ return false;
+ }
+
++ if (needsMop) {
++ if (!add(new(alloc()) LMop))
++ return false;
++ }
++
+ return true;
+ }
+
+--
+2.2.1
+
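Review bot: The new `LMop` class in the LIR-Common.h section and `CodeGenerator::visitMop` carry no comment saying what distinguishes a Mop from the `LNop` beside it. The only explanation is the single long sentence in `LIRGenerator::visitInstruction`, which has a doubled "that" and is hard to parse. A short comment above the class would help, for example `// An LMop emits no code; it follows the OsiPoint after an LNop so fixed-register live ranges do not reach the next instruction's input move group.` This file appears to be a verbatim copy of the upstream change for Bug 1096138, so the wording is better raised upstream than edited in the carried patch. The diffstat is limited to this one path, so this page does not show whether the patch is added to the icecat package's patch list; that should be confirmed together with the other parts of the CVE-2015-0836 series.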