commit-queue@webkit.org authored
https://bugs.webkit.org/show_bug.cgi?id=121001

Patch by peavo@outlook.com <peavo@outlook.com> on 2013-10-25
Reviewed by Geoffrey Garen.

On Windows, using register GPRInfo::regT0 as parameter to e.g. JIT::storeDouble(..., GPRInfo::regT0) results in a call to JIT::storeDouble(FPRegisterID src, const void* address), where the address parameter gets the value of GPRInfo::regT0, which is 0 (eax on Windows). This causes the register to be written to address 0, hence the crash.

* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::storeDouble):
Assert if we try to generate code which writes to a null pointer.
* dfg/DFGOSRExitCompiler32_64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
Use address in regT0 as parameter.
* dfg/DFGThunks.cpp:
(JSC::DFG::osrExitGenerationThunkGenerator):
Ditto.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@158057 268f45cc-cd09-0410-ab3c-d52691b4dbfc
390095ec