Bug 258936
| Summary: | Left shift of negative value in JSC::RegisterAtOffset::offset() | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Xi Ruoyao <xry111> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | mark.lam, webkit-bug-importer, ysuzuki |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Local Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Xi Ruoyao
JSC::RegisterAtOffset::m_offsetBits is ptrdiff_t, so it's signed. And
on most platforms the stack grows downward, so the value is often
negative. The C++ standard explicitly deems left shift of a negative value
undefined.
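The issue described in the report above, as an added example (not WebKit's code and not the patch from the pull request): scaling a signed, possibly negative offset by a power of two without left-shifting a negative value. The helper name `scaleOffset`, the shift amount of 2 and the sample values are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <limits>

// Hypothetical helper (not a WebKit API): computes bits * 2^shift for a signed
// offset without ever left-shifting a negative value.
// Returns false when the result would not fit in ptrdiff_t.
bool scaleOffset(std::ptrdiff_t bits, unsigned shift, std::ptrdiff_t& out)
{
    using Limits = std::numeric_limits<std::ptrdiff_t>;
    // digits = value bits without the sign bit (63 for a 64-bit ptrdiff_t).
    if (shift >= static_cast<unsigned>(Limits::digits))
        return false;
    // Shifting the positive constant 1 by fewer than `digits` is well defined.
    const std::ptrdiff_t factor = std::ptrdiff_t{1} << shift;
    // Range check first, so the multiplication below cannot overflow.
    if (bits > Limits::max() / factor || bits < Limits::min() / factor)
        return false;
    out = bits * factor; // defined for negative bits; bits << shift is undefined before C++20
    return true;
}

int main()
{
    // Constructed sample values: downward-growing stack slots have negative offsets.
    const std::ptrdiff_t samples[] = { -6, 0, 10, std::numeric_limits<std::ptrdiff_t>::min() };
    for (std::ptrdiff_t bits : samples) {
        std::ptrdiff_t bytes = 0;
        if (scaleOffset(bits, 2, bytes))
            std::printf("%td -> %td\n", bits, bytes);
        else
            std::printf("%td -> out of range\n", bits);
    }
    return 0;
}
```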
Xi Ruoyao
Pull request: https://github.com/WebKit/WebKit/pull/15601
Radar WebKit Bug Importer
<rdar://problem/112205512>