[maglev] arm64: Fix StringCharCodeAt for cons string
The load of the {second_string} field should only be 4 bytes in size. In case of the object being at a page boundary, the wrong load can trigger a segmentation fault. In all other cases, a wrongly loaded value will just result in a deferred runtime call.

Bug: chromium:1411533
Change-Id: Icd22f6baa4a9625ebfced69f3b7a601adf795a5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4208936
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85576}
parent dd5afcfffb
commit 05339e66f3
@ -627,7 +627,7 @@ void MaglevAssembler::StringCharCodeAt(RegisterSnapshot& register_snapshot,
// Reuse {instance_type} register here, since CompareRoot requires a scratch
// register as well.
Register second_string = instance_type;
Ldr(second_string, FieldMemOperand(string, ConsString::kSecondOffset));
Ldr(second_string.W(), FieldMemOperand(string, ConsString::kSecondOffset));
CompareRoot(second_string, RootIndex::kempty_string);
B(&deferred_runtime_call->deferred_code_label, ne);
DecompressAnyTagged(string,
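Review bot: The one-line change from `Ldr(second_string, ...)` to `Ldr(second_string.W(), ...)` is correct but deserves a comment on the `Ldr` line: the field at `ConsString::kSecondOffset` is a 4-byte compressed tagged value (the later `DecompressAnyTagged(string, ...)` shows this code runs under pointer compression), so the old 8-byte X-register load read 4 bytes past the field, which is what can fault when the object sits at a page boundary, while the W-register load reads exactly the field and zero-extends the upper half of `second_string` before `CompareRoot(second_string, RootIndex::kempty_string)` uses it. Without that comment a reader seeing `second_string` used as a full register in `CompareRoot` could reintroduce the 64-bit load. A regression test that exercises this path with a cons string whose second field is the last word before an unmapped page would also be worth adding, since on any other layout the over-read is invisible apart from a spurious deferred runtime call.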