Bug 258936

Summary: Left shift of negative value in JSC::RegisterAtOffset::offset()
Product: WebKit
Reporter: Xi Ruoyao <xry111>
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Normal
CC: mark.lam, webkit-bug-importer, ysuzuki
Priority: P2
Keywords: InRadar
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified

Description Xi Ruoyao 2023-07-06 09:52:18 PDT
JSC::RegisterAtOffset::m_offsetBits is ptrdiff_t, so it's signed. And
on most platforms the stack grows downward, so the value is often
negative. The C++ standard explicitly deems left shift of a negative value
undefined.
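Added illustration of the pattern the report describes, not WebKit's own RegisterAtOffset: a constructed model where the stored offset is a signed word count (the 8-byte word scale is an assumption), with the shift-based accessor next to a multiply-based equivalent that is defined for negative values in every C++ revision.

```cpp
#include <cstddef>
#include <iostream>

// Constructed model of the pattern from the report; the real class stores
// the offset differently, but the accessor shape is what matters here.
struct RegisterAtOffsetModel {
    ptrdiff_t m_offsetBits; // signed; negative for slots below the frame pointer

    // The pattern the report objects to: left-shifting a signed value.
    // For negative m_offsetBits this is undefined behaviour before C++20
    // (C++20 defines it as multiplication modulo 2^N), so a UBSan build
    // with -fsanitize=shift flags it on the first negative offset.
    ptrdiff_t offsetUnsafe() const { return m_offsetBits << 3; }

    // Same arithmetic, well-defined for any value whose result fits in
    // ptrdiff_t; compilers emit the same shift instruction for it.
    ptrdiff_t offsetSafe() const { return m_offsetBits * 8; }
};

// Byte offset for a word-indexed stack slot, using the well-defined form.
ptrdiff_t byteOffsetForSlot(ptrdiff_t slotIndexInWords) {
    return RegisterAtOffsetModel{slotIndexInWords}.offsetSafe();
}

int main() {
    // Constructed sample: a callee-save slot two words below the frame pointer.
    RegisterAtOffsetModel slot{-2};
    std::cout << "safe:   " << slot.offsetSafe() << '\n';   // -16
    // Build with e.g. clang++ -std=c++17 -fsanitize=shift to see the
    // runtime report for the shift-based accessor on this input.
    std::cout << "unsafe: " << slot.offsetUnsafe() << '\n';
    return 0;
}
```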
Comment 1 Xi Ruoyao 2023-07-06 11:26:37 PDT
Pull request: https://github.com/WebKit/WebKit/pull/15601
Comment 2 Radar WebKit Bug Importer 2023-07-13 09:53:18 PDT
<rdar://problem/112205512>