ARMv7: Crash due to use after free of AssemblerBuffer
author: msaboff@apple.com <msaboff@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 20 Nov 2013 21:15:18 +0000 (21:15 +0000)
committer: msaboff@apple.com <msaboff@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 20 Nov 2013 21:15:18 +0000 (21:15 +0000)
commit: 98e6c7e0f2a7e27316bd02c46bf8024954855ad8
tree: 189dec7c555c56557c9d74e4d975fed2501a1745
parent: 0a324cb2b41008549ebbedcfbea95d1c36c41ca0
ARMv7: Crash due to use after free of AssemblerBuffer
https://bugs.webkit.org/show_bug.cgi?id=124611

Reviewed by Geoffrey Garen.

Changed JITFinalizer constructor to take a MacroAssemblerCodePtr instead of a Label.
In finalizeFunction(), we use that value instead of calculating it from the label.

* assembler/MacroAssembler.cpp:
* dfg/DFGJITFinalizer.cpp:
(JSC::DFG::JITFinalizer::JITFinalizer):
(JSC::DFG::JITFinalizer::finalizeFunction):
* dfg/DFGJITFinalizer.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@159577 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGJITCompiler.cpp
Source/JavaScriptCore/dfg/DFGJITFinalizer.cpp
Source/JavaScriptCore/dfg/DFGJITFinalizer.h
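The lifetime problem the commit message describes, as an added illustration that is not WebKit's code: a finalizer that keeps a Label (an offset that only means something while the AssemblerBuffer it was recorded against still exists) versus a finalizer that resolves the entry point to a code pointer while the buffer is alive and keeps only that. All type names here (AssemblerBuffer, Label, CodePtr, LinkedCode, the two finalizer structs, runLifecycle) are constructed stand-ins for the JSC classes named in the commit, and the assumption that resolving a label late reads through the assembler buffer is a modelling choice, not a statement about the real resolution path. The label holds a weak_ptr where the real object would hold a raw pointer, so the dangling case shows up as an empty optional instead of undefined behaviour.

```cpp
#include <cstdint>
#include <cstddef>
#include <cstdio>
#include <memory>
#include <optional>
#include <vector>

// Constructed model: the buffer that holds bytes emitted during JIT compilation.
// In the scenario from the commit it is freed once the code has been linked.
struct AssemblerBuffer {
    std::vector<uint8_t> bytes;
};

// Model of a Label: an offset that is only meaningful relative to a live
// AssemblerBuffer. weak_ptr replaces the raw pointer a real Label-style
// object would hold, so a late resolve can be detected rather than crash.
struct Label {
    std::weak_ptr<AssemblerBuffer> buffer;
    size_t offset = 0;
};

// Model of a MacroAssemblerCodePtr: an address into the finished executable
// region, with no dependency on the AssemblerBuffer's lifetime.
struct CodePtr {
    uintptr_t address = 0;
};

// Hypothetical result of linking: the bytes copied to their final location.
struct LinkedCode {
    uintptr_t base = 0;
    std::vector<uint8_t> bytes;
};

// Hypothetical link step: copies the buffer out and records where it landed.
LinkedCode link(const AssemblerBuffer& buf, uintptr_t base) {
    return LinkedCode{base, buf.bytes};
}

// Resolving a label needs the buffer it was recorded against (assumption of
// this model). Once the buffer is gone there is nothing valid to compute from.
std::optional<CodePtr> resolveLabel(const Label& label, const LinkedCode& code) {
    auto buf = label.buffer.lock();
    if (!buf || label.offset > buf->bytes.size())
        return std::nullopt;  // dangling: the real code would read freed memory here
    return CodePtr{code.base + label.offset};
}

// 'Before' pattern: keep the Label and resolve it in finalize(), after the
// buffer may already have been freed.
struct LabelFinalizer {
    Label entry;
    std::optional<CodePtr> finalize(const LinkedCode& code) const {
        return resolveLabel(entry, code);
    }
};

// 'After' pattern (what the commit switches to): resolve while the buffer is
// alive, keep only the resulting code pointer.
struct CodePtrFinalizer {
    CodePtr entry;
    CodePtr finalize() const { return entry; }
};

struct Outcome {
    bool labelResolvedWhileAlive = false;  // late resolution before the free
    bool labelResolvedAfterFree = false;   // late resolution after the free
    uintptr_t codePtrAddress = 0;          // what the fixed pattern returns
};

// Drive both finalizers through the same lifecycle: emit, link, free buffer,
// finalize. Only the CodePtr-based finalizer is still sound after the free.
Outcome runLifecycle() {
    auto buffer = std::make_shared<AssemblerBuffer>();
    buffer->bytes = {0x00, 0xbf, 0x70, 0x47};  // constructed sample bytes
    Label entry{buffer, 2};                    // entry point two bytes in
    LinkedCode code = link(*buffer, 0x10000);  // constructed base address

    LabelFinalizer before{entry};
    CodePtrFinalizer after{*resolveLabel(entry, code)};  // resolved while alive

    Outcome o;
    o.labelResolvedWhileAlive = before.finalize(code).has_value();
    buffer.reset();  // the assembler buffer is freed after linking
    o.labelResolvedAfterFree = before.finalize(code).has_value();
    o.codePtrAddress = after.finalize().address;
    return o;
}

int main() {
    Outcome o = runLifecycle();
    std::printf("label resolves before free: %d, after free: %d, codeptr: 0x%lx\n",
                o.labelResolvedWhileAlive, o.labelResolvedAfterFree,
                static_cast<unsigned long>(o.codePtrAddress));
    return 0;
}
```

The point of the model is ordering: anything computed from a Label must be computed before the AssemblerBuffer goes away, and storing the resolved CodePtr in the finalizer removes the ordering requirement entirely.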