ruby-changes:68778
From: Mike <ko1@a...>
Date: Thu, 21 Oct 2021 08:13:31 +0900 (JST)
Subject: [ruby-changes:68778] 980aa329b6 (master): fix: ujit getinstancevariable code checks ivar extended table size
https://git.ruby-lang.org/ruby.git/commit/?id=980aa329b6 From 980aa329b648f3412d3584575481181b8d42cd60 Mon Sep 17 00:00:00 2001 From: Mike Dalessio <mike.dalessio@g...> Date: Tue, 16 Feb 2021 14:40:16 -0500 Subject: fix: ujit getinstancevariable code checks ivar extended table size Co-authored-by: Maxime Chevalier-Boisvert <maxime.chevalierboisvert@s...> Co-authored-by: Alan Wu <XrXr@u...> --- ujit_codegen.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/ujit_codegen.c b/ujit_codegen.c index 541f74b964..26aa4ffcf0 100644 --- a/ujit_codegen.c +++ b/ujit_codegen.c @@ -525,6 +525,15 @@ gen_getinstancevariable(jitstate_t* jit, ctx_t* ctx) https://github.com/ruby/ruby/blob/trunk/ujit_codegen.c#L525 test(cb, flags_opnd, imm_opnd(ROBJECT_EMBED)); jnz_ptr(cb, side_exit); + // check that the extended table is big enough + if (ivar_index >= ROBJECT_EMBED_LEN_MAX + 1) + { + // Check that the slot is inside the extended table (num_slots > index) + x86opnd_t num_slots = mem_opnd(32, REG0, offsetof(struct RObject, as.heap.numiv)); + cmp(cb, num_slots, imm_opnd(ivar_index)); + jle_ptr(cb, side_exit); + } + // Get a pointer to the extended table x86opnd_t tbl_opnd = mem_opnd(64, REG0, offsetof(struct RObject, as.heap.ivptr)); mov(cb, REG0, tbl_opnd); -- cgit v1.2.1 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/