From 1c745c59a02e85ea647d44e7dfcf693415dd1fa9 Mon Sep 17 00:00:00 2001
From: Matthew Flatt
Date: Thu, 20 Oct 2011 14:26:07 -0600
Subject: [PATCH] fix JIT early reference to JIT generated address

On x86_64, if the scratch-space address fits into 32 bits and the final place for shared code doesn't fit into a 32-bit address, then the size of the generated code could change, leading to a JIT buffer overflow.

Merge to 5.2

(cherry picked from commit 35526a7bd73ad554fabbcf121822e9859fe3de59)
---
 src/racket/src/jitcommon.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/racket/src/jitcommon.c b/src/racket/src/jitcommon.c
index 55722efadb..4658fb68bf 100644
--- a/src/racket/src/jitcommon.c
+++ b/src/racket/src/jitcommon.c
@@ -2597,7 +2597,8 @@ static int common10(mz_jit_state *jitter, void *_data)
   jit_ldxi_i(JIT_R2, JIT_V1, &((Scheme_Native_Closure_Data *)0x0)->closure_size);
   (void)jit_blti_i(refslow, JIT_R2, 0); /* case lambda */
   jit_ldxi_p(JIT_R2, JIT_V1, &((Scheme_Native_Closure_Data *)0x0)->code);
-  ref_nc = jit_beqi_p(jit_forward(), JIT_R2, scheme_on_demand_jit_code); /* not yet JITted */
+  jit_movi_p(JIT_V1, scheme_on_demand_jit_code); /* movi_p doesn't depends on actual address, which might change size */
+  ref_nc = jit_beqr_p(jit_forward(), JIT_R2, JIT_V1); /* not yet JITted? */
   jit_rshi_l(JIT_V1, JIT_R1, 1);
   jit_addi_l(JIT_V1, JIT_V1, 1);
   CHECK_LIMIT();
@@ -2614,6 +2615,7 @@ static int common10(mz_jit_state *jitter, void *_data)
   /* not-yet-JITted native: */
   mz_patch_branch(ref_nc);
+  jit_ldxi_p(JIT_V1, JIT_R0, &((Scheme_Native_Closure *)0x0)->code);
   jit_ldxi_p(JIT_R0, JIT_V1, &((Scheme_Native_Closure_Data *)0x0)->u2.orig_code);
   jit_rshi_l(JIT_V1, JIT_R1, 1);
   jit_ldxi_i(JIT_R2, JIT_R0, &((Scheme_Closure_Data *)0x0)->num_params);
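Review bot: The comment on the added `jit_movi_p` line in the first hunk is ungrammatical and leaves the invariant it protects implicit: `doesn't depends` should be `doesn't depend`, and the real reason for the change, per the commit message, is that the code is sized at a scratch address and emitted again at its final address, so any instruction whose encoding presumably varies with the magnitude of an address resolved at emission time (here `jit_beqi_p` against `scheme_on_demand_jit_code`) can change size between the two passes and overrun the buffer. I would replace it with `/* movi_p emits a fixed-size encoding for any immediate; beqi_p against a 64-bit address may not, and the sizing pass must match the final emission exactly */` so the next reader does not "simplify" it back to the immediate form. Note also that this line clobbers JIT_V1, which up to this point held the Scheme_Native_Closure_Data pointer; the fall-through path rewrites JIT_V1 on the next line anyway, so only the ref_nc branch target is affected, and that is what the second hunk repairs. common10's body continues outside both hunks.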
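Review bot: The reload `jit_ldxi_p(JIT_V1, JIT_R0, &((Scheme_Native_Closure *)0x0)->code);` added after `mz_patch_branch(ref_nc)` in the second hunk depends on JIT_R0 still holding the Scheme_Native_Closure at the branch target, an invariant established before this hunk and not stated anywhere near the use; if later code between the `ref_nc` branch and this patch point ever reuses JIT_R0, the next line silently reads `u2.orig_code` through a wrong pointer. A comment tying the two hunks together would make the dependency visible: `/* JIT_V1 was clobbered by the movi_p before the ref_nc branch; JIT_R0 still holds the native closure, so recover the closure-data pointer from it */`. The enclosing function starts and ends outside the hunk, so I cannot confirm from here that nothing in between touches JIT_R0.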