firefox/CVE-2021-43539.patch
2024-11-12 17:42:35 +08:00


From 1784bcb159d7dd8c65f6c016dcca6ed5b2982d2b Mon Sep 17 00:00:00 2001
From: Asumu Takikawa <asumu@igalia.com>
Date: Mon, 15 Nov 2021 16:26:57 +0000 (2021-11-16)
Subject: [PATCH] CVE-2021-43539
---
js/src/jit/CodeGenerator.cpp | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp
index 81e723f196..a703024aa1 100644
--- a/js/src/jit/CodeGenerator.cpp
+++ b/js/src/jit/CodeGenerator.cpp
@@ -7914,35 +7914,36 @@ void CodeGenerator::visitWasmCall(LWasmCall* lir) {
const wasm::CallSiteDesc& desc = mir->desc();
const wasm::CalleeDesc& callee = mir->callee();
+ CodeOffset retOffset;
switch (callee.which()) {
case wasm::CalleeDesc::Func:
- masm.call(desc, callee.funcIndex());
+ retOffset = masm.call(desc, callee.funcIndex());
reloadRegs = false;
switchRealm = false;
break;
case wasm::CalleeDesc::Import:
- masm.wasmCallImport(desc, callee);
+ retOffset = masm.wasmCallImport(desc, callee);
break;
case wasm::CalleeDesc::AsmJSTable:
case wasm::CalleeDesc::WasmTable:
- masm.wasmCallIndirect(desc, callee, needsBoundsCheck);
+ retOffset = masm.wasmCallIndirect(desc, callee, needsBoundsCheck);
reloadRegs = switchRealm = callee.which() == wasm::CalleeDesc::WasmTable;
break;
case wasm::CalleeDesc::Builtin:
- masm.call(desc, callee.builtin());
+ retOffset = masm.call(desc, callee.builtin());
reloadRegs = false;
switchRealm = false;
break;
case wasm::CalleeDesc::BuiltinInstanceMethod:
- masm.wasmCallBuiltinInstanceMethod(desc, mir->instanceArg(),
- callee.builtin(),
- mir->builtinMethodFailureMode());
+ retOffset = masm.wasmCallBuiltinInstanceMethod(
+ desc, mir->instanceArg(), callee.builtin(),
+ mir->builtinMethodFailureMode());
switchRealm = false;
break;
}
// Note the assembler offset for the associated LSafePoint.
- markSafepointAt(masm.currentOffset(), lir);
+ markSafepointAt(retOffset.offset(), lir);
// Now that all the outbound in-memory args are on the stack, note the
// required lower boundary point of the associated StackMap.
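Review bot: The comment above `markSafepointAt(retOffset.offset(), lir);` still reads "Note the assembler offset for the associated LSafePoint", which no longer says why the call's return offset is used instead of `masm.currentOffset()`. That distinction is the whole fix: presumably some helpers, such as `wasmCallBuiltinInstanceMethod` with its failure mode, emit instructions after the call, so the current offset is not the return address the GC looks up. I would reword it to `// Record the safepoint at the call's return address, not masm.currentOffset(): the call helpers may emit code after the call instruction.` so a later refactor does not revert it. Separately, `CodeOffset retOffset;` is default-constructed and the switch has no `default:` arm, so a `CalleeDesc` kind added later would register the safepoint at whatever the default offset is; an assertion or a crashing `default:` arm before `markSafepointAt` would catch that. The body of `visitWasmCall` starts before and continues past this hunk, so the rest of the safepoint and StackMap handling is not visible here.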
--
2.33.0