Fix Cluster Fuzz stack frame corruption bug.

BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/23596002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16358 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

diff --git a/src/arm/code-stubs-arm.cc b/src/arm/code-stubs-arm.cc
index 3b857ae..9a4d6e5 100644 (file)
--- a/src/arm/code-stubs-arm.cc
+++ b/src/arm/code-stubs-arm.cc
@@ -4413,6 +4413,7 @@ static void GenerateRecordCallTarget(MacroAssembler* masm) {
   {
     FrameScope scope(masm, StackFrame::INTERNAL);
 
+    __ SmiTag(r0);
     __ push(r0);
     __ push(r1);
     __ push(r2);
@@ -4423,6 +4424,7 @@ static void GenerateRecordCallTarget(MacroAssembler* masm) {
     __ pop(r2);
     __ pop(r1);
     __ pop(r0);
+    __ SmiUntag(r0);
   }
   __ b(&done);
 

diff --git a/src/ia32/code-stubs-ia32.cc b/src/ia32/code-stubs-ia32.cc
index 0d59cd9..64f36b3 100644 (file)
--- a/src/ia32/code-stubs-ia32.cc
+++ b/src/ia32/code-stubs-ia32.cc
@@ -4303,6 +4303,7 @@ static void GenerateRecordCallTarget(MacroAssembler* masm) {
   {
     FrameScope scope(masm, StackFrame::INTERNAL);
 
+    __ SmiTag(eax);
     __ push(eax);
     __ push(edi);
     __ push(ebx);
@@ -4313,6 +4314,7 @@ static void GenerateRecordCallTarget(MacroAssembler* masm) {
     __ pop(ebx);
     __ pop(edi);
     __ pop(eax);
+    __ SmiUntag(eax);
   }
   __ jmp(&done);
 

diff --git a/src/x64/code-stubs-x64.cc b/src/x64/code-stubs-x64.cc
index 39a66b6..9eed917 100644 (file)
--- a/src/x64/code-stubs-x64.cc
+++ b/src/x64/code-stubs-x64.cc
@@ -3391,6 +3391,7 @@ static void GenerateRecordCallTarget(MacroAssembler* masm) {
   {
     FrameScope scope(masm, StackFrame::INTERNAL);
 
+    __ Integer32ToSmi(rax, rax);
     __ push(rax);
     __ push(rdi);
     __ push(rbx);
@@ -3401,6 +3402,7 @@ static void GenerateRecordCallTarget(MacroAssembler* masm) {
     __ pop(rbx);
     __ pop(rdi);
     __ pop(rax);
+    __ SmiToInteger32(rax, rax);
   }
   __ jmp(&done);