[maglev] arm64: Fix StringCharCodeAt for cons string

The load of the {second_string} field should only be
4 bytes in size. In case of the object being at a page
boundary, the wrong load can trigger a segmentation
fault.
In all other cases, a wrongly loaded value will just
result in a deferred runtime call.

Bug: chromium:1411533
Change-Id: Icd22f6baa4a9625ebfced69f3b7a601adf795a5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4208936
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85576}
Matthias Liedtke 2023-01-31 19:14:22 +01:00 committed by V8 LUCI CQ
parent dd5afcfffb
commit 05339e66f3
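The page-boundary case the commit message describes, as an added example that is not V8 code: a 4-byte field (standing in for a compressed tagged pointer) is placed in the last 4 bytes of a readable page, the following page is mapped PROT_NONE to stand in for unmapped memory, and the field is read once with the correct 4-byte width and once with the 8-byte width the old `Ldr` used. The helpers `map_field_at_page_boundary` and `try_load`, the signal-recovery scaffolding and the sample value 0x1234 are constructed for this illustration and assume a POSIX system with `mmap`/`mprotect` (Linux, x86-64 or arm64).

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Added illustration, not V8 code: a 4-byte "compressed tagged" field sits
 * in the last 4 bytes of a readable page; the next page is PROT_NONE and
 * stands in for memory that is not mapped. A 4-byte load of the field is
 * fine; an 8-byte load of the same address touches the guard page and faults. */

static sigjmp_buf fault_jmp;

static void on_fault(int sig) {
    (void)sig;
    siglongjmp(fault_jmp, 1);   /* unwind back into try_load */
}

/* Maps two pages, makes the second one inaccessible and stores a constructed
 * sample value in the last 4 bytes of the first. Returns NULL on failure. */
static uint8_t *map_field_at_page_boundary(void) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    uint8_t *base = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return NULL;
    if (mprotect(base + page, page, PROT_NONE) != 0) {
        munmap(base, 2 * page);
        return NULL;
    }
    uint32_t compressed = 0x1234u;      /* constructed sample field value */
    memcpy(base + page - sizeof compressed, &compressed, sizeof compressed);
    return base + page - sizeof compressed;
}

/* Loads `width` bytes (4 or 8) from p into *out. Returns 1 if the load
 * completed, 0 if it raised SIGSEGV/SIGBUS (caught and recovered here). */
static int try_load(const uint8_t *p, size_t width, uint64_t *out) {
    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    volatile uint64_t value = 0;   /* volatile: must survive siglongjmp */
    int completed;
    if (sigsetjmp(fault_jmp, 1) == 0) {
        uint64_t tmp = 0;
        memcpy(&tmp, p, width);    /* the load under test */
        value = tmp;
        completed = 1;
    } else {
        completed = 0;             /* arrived here from on_fault */
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    *out = value;
    return completed;
}

int main(void) {
    uint8_t *field = map_field_at_page_boundary();
    if (field == NULL) { perror("mmap/mprotect"); return 1; }
    uint64_t v = 0;
    printf("4-byte load: %s, value 0x%llx\n",
           try_load(field, 4, &v) ? "ok" : "FAULT", (unsigned long long)v);
    printf("8-byte load: %s\n", try_load(field, 8, &v) ? "ok" : "FAULT");
    return 0;
}
```

The 8-byte read is exactly the shape of the old 64-bit `Ldr`: the first four bytes are the field, the next four belong to whatever follows the object, and when that is the first byte of an unmapped page the load faults instead of merely producing a value the later compare would reject.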


@ -627,7 +627,7 @@ void MaglevAssembler::StringCharCodeAt(RegisterSnapshot& register_snapshot,
// Reuse {instance_type} register here, since CompareRoot requires a scratch
// register as well.
Register second_string = instance_type;
Ldr(second_string, FieldMemOperand(string, ConsString::kSecondOffset));
Ldr(second_string.W(), FieldMemOperand(string, ConsString::kSecondOffset));
CompareRoot(second_string, RootIndex::kempty_string);
B(&deferred_runtime_call->deferred_code_label, ne);
DecompressAnyTagged(string,
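Review bot: the narrowed load on the changed line, `Ldr(second_string.W(), FieldMemOperand(string, ConsString::kSecondOffset));`, should carry a comment saying why only 32 bits are read: the field holds a compressed tagged value (the following `DecompressAnyTagged(string,` is the only hint in the hunk), so the previous 64-bit `Ldr` read 4 bytes beyond the field, which faults when the object ends at a page boundary. Without that comment the asymmetry with `CompareRoot(second_string, RootIndex::kempty_string);`, which still names the full 64-bit register, reads like an oversight; the same comment should state that the compare is valid on the zero-extended 32-bit value, because if it were not, `B(&deferred_runtime_call->deferred_code_label, ne);` would silently send every cons string through the deferred runtime call rather than failing loudly.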