author | Alon Zakai <alonzakai@gmail.com> | 2013-04-23 14:56:14 -0700 |
---|---|---|
committer | Alon Zakai <alonzakai@gmail.com> | 2013-04-23 14:56:14 -0700 |
commit | a5e96a395fcd69e44b7df074151e5c9783c1ded6 (patch) | |
tree | 7853ae9ec886deca69ca35322da7fba32e95ad92 | |
parent | fb9103426684a1fa70736febe147df49aedc91a5 (diff) |
fix memory corruption in setjmp/asm.js; fixes #1087
-rw-r--r-- | src/jsifier.js | 1 | ||||
-rwxr-xr-x | tests/runner.py | 60 |
2 files changed, 61 insertions, 0 deletions
diff --git a/src/jsifier.js b/src/jsifier.js index 6d8def39..cd18f74d 100644 --- a/src/jsifier.js +++ b/src/jsifier.js @@ -713,6 +713,7 @@ function JSify(data, functionsOnly, givenFunctions) { } else { ret += 'var setjmpLabel = 0;\n'; ret += 'var setjmpTable = ' + RuntimeGenerator.stackAlloc(4 * (MAX_SETJMPS + 1) * 2) + ';\n'; + ret += makeSetValue('setjmpTable', '0', '0', 'i32') + ';'; // initialize first entry to 0 } } ret += indent + 'while(1) '; diff --git a/tests/runner.py b/tests/runner.py index 76dde558..ea0609bc 100755 --- a/tests/runner.py +++ b/tests/runner.py @@ -2552,6 +2552,66 @@ setjmp:6 x:4 ''') + def test_longjmp_stacked(self): + src = r''' + #include <stdio.h> + #include <setjmp.h> + #include <stdlib.h> + #include <string.h> + + int bottom, top; + + int run(int y) { + // confuse stack + char *s = (char*)alloca(100); + memset(s, 1, 100); + s[y] = y; + s[y/2] = y*2; + volatile int x = s[y]; + top = (int)alloca(4); + if (x <= 2) return x; + jmp_buf buf; + printf("setjmp of %d\n", x); + if (setjmp(buf) == 0) { + printf("going\n"); + x += run(x/2); + longjmp(buf, 1); + } + printf("back\n"); + return x/2; + } + + int main(int argc, char **argv) { + int sum = 0; + for (int i = 0; i < argc*2; i++) { + bottom = (int)alloca(4); + sum += run(10); + // scorch the earth + if (bottom < top) { + memset((void*)bottom, 1, top - bottom); + } else { + memset((void*)top, 1, bottom - top); + } + } + printf("%d\n", sum); + return sum; + } + ''' + self.do_run(src, '''setjmp of 10 +going +setjmp of 5 +going +back +back +setjmp of 10 +going +setjmp of 5 +going +back +back +12 +''') + def test_setjmp_many(self): src = r''' #include <stdio.h> |
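Review bot: The added `makeSetValue(...)` line is emitted with `+ ';'` while the two `ret +=` lines directly above it end their generated statement with `';\n'`, so the initializer and the following `while(1)` text land on the same line of generated JS; `ret += makeSetValue('setjmpTable', '0', '0', 'i32') + ';\n'; // initialize first entry to 0` keeps the generated code one statement per line like its neighbours. The fix also deserves a why-comment: the table comes from `RuntimeGenerator.stackAlloc`, and stack memory is not cleared, so whatever the reader of `setjmpTable` uses to find the end of the live entries cannot be trusted unless it is written here; something like `// stack memory is not zeroed; the 0 written to entry 0 is what the setjmp table reader relies on to find the end of the live entries` would record that, assuming the reader stops at the first zero entry, which is not visible in this hunk. The enclosing `JSify` function starts and ends outside the hunk.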
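Review bot: The expected output pins exactly two `run(10)` rounds, but the loop bound in the test program is `argc*2`, so the assertion only holds when the compiled program is run with no arguments; a comment on that line, `// argc is 1 when run with no arguments, so this loops twice`, records the dependency. `test_longjmp_stacked` also has no docstring saying what it guards against; given the commit title, `"""Regression test for #1087: stale stack contents between the allocas must not corrupt the setjmp table."""` would tell the next reader why the alloca/memset "scorch the earth" sequence is there. The surrounding test class starts and ends outside the hunk.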