src · 088f9c60133fcad78fb3eb96c78298971d3cfea8 · Linshizhi / V8

Pass argc of JSEntry as intptr_t · 088f9c60

tzik authored Jan 08, 2019

|argc| parameter of JSEntry is passed as int from C++ code, and loaded
into a register on the asm code. As int is 32 bit, and registers are
64 bit on 64 bit platforms, upper 32 bits of the loaded value may be
contaminated by a random value if it's passed as a stack parameter.

For now, |argc| is passed as a register parameter on all platforms, and
the upper 32 bits of |argc| is filled by zero, fortunately. However, if
we shuffle the order of parameters, |argc| can be passed as a stack
parameter and its value may be broken.

Specifically on x64 Windows, the first 4 parameters are passed as
register parameters and the rest are stack parameters. As |argc| is the
4th parameter, if we prepend another parameter and shift |argc| to
the 5th parameter, |argc| will become a stack parameter and its load
to 64 bit register breaks the value.

This CL converts the type of the |argc| parameter to intptr_t, so that
it's safe to load from stack to full width registers.

Bug: v8:8124
Change-Id: Ie7407cf5e6252ed7323a9c42389db387b0064673
Reviewed-on: https://chromium-review.googlesource.com/c/1400326Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58614}

088f9c60

Name	Last commit	Last update
..
arm		Loading commit data...
arm64		Loading commit data...
asmjs		Loading commit data...
ast		Loading commit data...
base		Loading commit data...
builtins		Loading commit data...
compiler		Loading commit data...
compiler-dispatcher		Loading commit data...
debug		Loading commit data...
extensions		Loading commit data...
heap		Loading commit data...
ia32		Loading commit data...
ic		Loading commit data...
inspector		Loading commit data...
interpreter		Loading commit data...
js		Loading commit data...
libplatform		Loading commit data...
libsampler		Loading commit data...
mips		Loading commit data...
mips64		Loading commit data...
objects		Loading commit data...
parsing		Loading commit data...
ppc		Loading commit data...
profiler		Loading commit data...
regexp		Loading commit data...
runtime		Loading commit data...
s390		Loading commit data...
snapshot		Loading commit data...
third_party		Loading commit data...
torque		Loading commit data...
tracing		Loading commit data...
trap-handler		Loading commit data...
wasm		Loading commit data...
x64		Loading commit data...
zone		Loading commit data...
DEPS		Loading commit data...
OWNERS		Loading commit data...
accessors.cc		Loading commit data...
accessors.h		Loading commit data...
address-map.cc		Loading commit data...
address-map.h		Loading commit data...
allocation-site-scopes-inl.h		Loading commit data...
allocation-site-scopes.h		Loading commit data...
allocation.cc		Loading commit data...
allocation.h		Loading commit data...
api-arguments-inl.h		Loading commit data...
api-arguments.cc		Loading commit data...
api-arguments.h		Loading commit data...
api-inl.h		Loading commit data...
api-natives.cc		Loading commit data...
api-natives.h		Loading commit data...
api.cc		Loading commit data...
api.h		Loading commit data...
arguments-inl.h		Loading commit data...
arguments.cc		Loading commit data...
arguments.h		Loading commit data...
asan.h		Loading commit data...
assembler-arch.h		Loading commit data...
assembler-inl.h		Loading commit data...
assembler.cc		Loading commit data...
assembler.h		Loading commit data...
assert-scope.cc		Loading commit data...
assert-scope.h		Loading commit data...
async-hooks-wrapper.cc		Loading commit data...
async-hooks-wrapper.h		Loading commit data...
bailout-reason.cc		Loading commit data...
bailout-reason.h		Loading commit data...
basic-block-profiler.cc		Loading commit data...
basic-block-profiler.h		Loading commit data...
bignum-dtoa.cc		Loading commit data...
bignum-dtoa.h		Loading commit data...
bignum.cc		Loading commit data...
bignum.h		Loading commit data...
bit-vector.cc		Loading commit data...
bit-vector.h		Loading commit data...
bootstrapper.cc		Loading commit data...
bootstrapper.h		Loading commit data...
boxed-float.h		Loading commit data...
cached-powers.cc		Loading commit data...
cached-powers.h		Loading commit data...
callable.h		Loading commit data...
cancelable-task.cc		Loading commit data...
cancelable-task.h		Loading commit data...
char-predicates-inl.h		Loading commit data...
char-predicates.cc		Loading commit data...
char-predicates.h		Loading commit data...
checks.h		Loading commit data...
code-comments.cc		Loading commit data...
code-comments.h		Loading commit data...
code-events.h		Loading commit data...
code-factory.cc		Loading commit data...
code-factory.h		Loading commit data...
code-reference.cc		Loading commit data...
code-reference.h		Loading commit data...
code-stub-assembler.cc		Loading commit data...
code-stub-assembler.h		Loading commit data...
code-tracer.h		Loading commit data...
codegen.cc		Loading commit data...
codegen.h		Loading commit data...
collector.h		Loading commit data...
compilation-cache.cc		Loading commit data...
compilation-cache.h		Loading commit data...
compilation-statistics.cc		Loading commit data...
compilation-statistics.h		Loading commit data...
compiler.cc		Loading commit data...
compiler.h		Loading commit data...
constant-pool.cc		Loading commit data...
constant-pool.h		Loading commit data...
constants-arch.h		Loading commit data...
contexts-inl.h		Loading commit data...
contexts.cc		Loading commit data...
contexts.h		Loading commit data...
conversions-inl.h		Loading commit data...
conversions.cc		Loading commit data...
conversions.h		Loading commit data...
counters-inl.h		Loading commit data...
counters.cc		Loading commit data...
counters.h		Loading commit data...
cpu-features.h		Loading commit data...
d8-console.cc		Loading commit data...
d8-console.h		Loading commit data...
d8-platforms.cc		Loading commit data...
d8-platforms.h		Loading commit data...
d8-posix.cc		Loading commit data...
d8-windows.cc		Loading commit data...
d8.cc		Loading commit data...
d8.h		Loading commit data...
d8.js		Loading commit data...
date.cc		Loading commit data...
date.h		Loading commit data...
dateparser-inl.h		Loading commit data...
dateparser.cc		Loading commit data...
dateparser.h		Loading commit data...
deoptimize-reason.cc		Loading commit data...
deoptimize-reason.h		Loading commit data...
deoptimizer.cc		Loading commit data...
deoptimizer.h		Loading commit data...
detachable-vector.cc		Loading commit data...
detachable-vector.h		Loading commit data...
disasm.h		Loading commit data...
disassembler.cc		Loading commit data...
disassembler.h		Loading commit data...
diy-fp.cc		Loading commit data...
diy-fp.h		Loading commit data...
double.h		Loading commit data...
dtoa.cc		Loading commit data...
dtoa.h		Loading commit data...
eh-frame.cc		Loading commit data...
eh-frame.h		Loading commit data...
elements-inl.h		Loading commit data...
elements-kind.cc		Loading commit data...
elements-kind.h		Loading commit data...
elements.cc		Loading commit data...
elements.h		Loading commit data...
execution.cc		Loading commit data...
execution.h		Loading commit data...
external-reference-table.cc		Loading commit data...
external-reference-table.h		Loading commit data...
external-reference.cc		Loading commit data...
external-reference.h		Loading commit data...
fast-dtoa.cc		Loading commit data...
fast-dtoa.h		Loading commit data...
feedback-vector-inl.h		Loading commit data...
feedback-vector.cc		Loading commit data...
feedback-vector.h		Loading commit data...
field-index-inl.h		Loading commit data...
field-index.h		Loading commit data...
field-type.cc		Loading commit data...
field-type.h		Loading commit data...
fixed-dtoa.cc		Loading commit data...
fixed-dtoa.h		Loading commit data...
flag-definitions.h		Loading commit data...
flags.cc		Loading commit data...
flags.h		Loading commit data...
frame-constants.h		Loading commit data...
frames-inl.h		Loading commit data...
frames.cc		Loading commit data...
frames.h		Loading commit data...
futex-emulation.cc		Loading commit data...
futex-emulation.h		Loading commit data...
gdb-jit.cc		Loading commit data...
gdb-jit.h		Loading commit data...
global-handles.cc		Loading commit data...
global-handles.h		Loading commit data...
globals.h		Loading commit data...
handler-table.cc		Loading commit data...
handler-table.h		Loading commit data...
handles-inl.h		Loading commit data...
handles.cc		Loading commit data...
handles.h		Loading commit data...
heap-symbols.h		Loading commit data...
icu_util.cc		Loading commit data...
icu_util.h		Loading commit data...
identity-map.cc		Loading commit data...
identity-map.h		Loading commit data...
interface-descriptors.cc		Loading commit data...
interface-descriptors.h		Loading commit data...
isolate-allocator.cc		Loading commit data...
isolate-allocator.h		Loading commit data...
isolate-data.h		Loading commit data...
isolate-inl.h		Loading commit data...
isolate.cc		Loading commit data...
isolate.h		Loading commit data...
json-parser.cc		Loading commit data...
json-parser.h		Loading commit data...
json-stringifier.cc		Loading commit data...
json-stringifier.h		Loading commit data...
keys.cc		Loading commit data...
keys.h		Loading commit data...
label.h		Loading commit data...
layout-descriptor-inl.h		Loading commit data...
layout-descriptor.cc		Loading commit data...
layout-descriptor.h		Loading commit data...
locked-queue-inl.h		Loading commit data...
locked-queue.h		Loading commit data...
log-inl.h		Loading commit data...
log-utils.cc		Loading commit data...
log-utils.h		Loading commit data...
log.cc		Loading commit data...
log.h		Loading commit data...
lookup-cache-inl.h		Loading commit data...
lookup-cache.cc		Loading commit data...
lookup-cache.h		Loading commit data...
lookup-inl.h		Loading commit data...
lookup.cc		Loading commit data...
lookup.h		Loading commit data...
machine-type.cc		Loading commit data...
machine-type.h		Loading commit data...
macro-assembler-inl.h		Loading commit data...
macro-assembler.h		Loading commit data...
map-updater.cc		Loading commit data...
map-updater.h		Loading commit data...
math-random.cc		Loading commit data...
math-random.h		Loading commit data...
maybe-handles-inl.h		Loading commit data...
maybe-handles.h		Loading commit data...
memcopy.cc		Loading commit data...
memcopy.h		Loading commit data...
message-template.h		Loading commit data...
messages.cc		Loading commit data...
messages.h		Loading commit data...
microtask-queue.cc		Loading commit data...
microtask-queue.h		Loading commit data...
msan.h		Loading commit data...
objects-body-descriptors-inl.h		Loading commit data...
objects-body-descriptors.h		Loading commit data...
objects-debug.cc		Loading commit data...
objects-definitions.h		Loading commit data...
objects-inl.h		Loading commit data...
objects-printer.cc		Loading commit data...
objects.cc		Loading commit data...
objects.h		Loading commit data...
optimized-compilation-info.cc		Loading commit data...
optimized-compilation-info.h		Loading commit data...
ostreams.cc		Loading commit data...
ostreams.h		Loading commit data...
pending-compilation-error-handler.cc		Loading commit data...
pending-compilation-error-handler.h		Loading commit data...
perf-jit.cc		Loading commit data...
perf-jit.h		Loading commit data...
pointer-with-payload.h		Loading commit data...
property-descriptor.cc		Loading commit data...
property-descriptor.h		Loading commit data...
property-details.h		Loading commit data...
property.cc		Loading commit data...
property.h		Loading commit data...
prototype-inl.h		Loading commit data...
prototype.h		Loading commit data...
ptr-compr-inl.h		Loading commit data...
ptr-compr.h		Loading commit data...
register-arch.h		Loading commit data...
register-configuration.cc		Loading commit data...
register-configuration.h		Loading commit data...
register.h		Loading commit data...
reglist.h		Loading commit data...
reloc-info.cc		Loading commit data...
reloc-info.h		Loading commit data...
roots-inl.h		Loading commit data...
roots.cc		Loading commit data...
roots.h		Loading commit data...
runtime-profiler.cc		Loading commit data...
runtime-profiler.h		Loading commit data...
safepoint-table.cc		Loading commit data...
safepoint-table.h		Loading commit data...
setup-isolate-deserialize.cc		Loading commit data...
setup-isolate-full.cc		Loading commit data...
setup-isolate.h		Loading commit data...
signature.h		Loading commit data...
simulator-base.cc		Loading commit data...
simulator-base.h		Loading commit data...
simulator.h		Loading commit data...
source-position-table.cc		Loading commit data...
source-position-table.h		Loading commit data...
source-position.cc		Loading commit data...
source-position.h		Loading commit data...
splay-tree-inl.h		Loading commit data...
splay-tree.h		Loading commit data...
startup-data-util.cc		Loading commit data...
startup-data-util.h		Loading commit data...
string-builder-inl.h		Loading commit data...
string-builder.cc		Loading commit data...
string-case.cc		Loading commit data...
string-case.h		Loading commit data...
string-constants.cc		Loading commit data...
string-constants.h		Loading commit data...
string-hasher-inl.h		Loading commit data...
string-hasher.h		Loading commit data...
string-search.h		Loading commit data...
string-stream.cc		Loading commit data...
string-stream.h		Loading commit data...
strtod.cc		Loading commit data...
strtod.h		Loading commit data...
task-utils.cc		Loading commit data...
task-utils.h		Loading commit data...
thread-id.cc		Loading commit data...
thread-id.h		Loading commit data...
transitions-inl.h		Loading commit data...
transitions.cc		Loading commit data...
transitions.h		Loading commit data...
turbo-assembler.cc		Loading commit data...
turbo-assembler.h		Loading commit data...
type-hints.cc		Loading commit data...
type-hints.h		Loading commit data...
unicode-cache.h		Loading commit data...
unicode-decoder.cc		Loading commit data...
unicode-decoder.h		Loading commit data...
unicode-inl.h		Loading commit data...
unicode.cc		Loading commit data...
unicode.h		Loading commit data...
unoptimized-compilation-info.cc		Loading commit data...
unoptimized-compilation-info.h		Loading commit data...
unwinder.cc		Loading commit data...
uri.cc		Loading commit data...
uri.h		Loading commit data...
utils-inl.h		Loading commit data...
utils.cc		Loading commit data...
utils.h		Loading commit data...
v8.cc		Loading commit data...
v8.h		Loading commit data...
v8dll-main.cc		Loading commit data...
v8memory.h		Loading commit data...
v8threads.cc		Loading commit data...
v8threads.h		Loading commit data...
value-serializer.cc		Loading commit data...
value-serializer.h		Loading commit data...
vector-slot-pair.cc		Loading commit data...
vector-slot-pair.h		Loading commit data...
vector.h		Loading commit data...
version.cc		Loading commit data...
version.h		Loading commit data...
visitors.cc		Loading commit data...
visitors.h		Loading commit data...
vm-state-inl.h		Loading commit data...
vm-state.h		Loading commit data...