From 4c0166323c440ea05d1bd817ef6812c08968f792 Mon Sep 17 00:00:00 2001 From: Simon Hausmann Date: Thu, 21 Mar 2013 18:39:23 +0100 Subject: [PATCH] Fix random crashes in leaf functions A "leaf" function that doesn't call any other JS functions but calls built-in functions may easily have function->maxNumberOfArguments "calculated" to zero due to the lack of call expressions. That means we may not have allocated enough stack space for the variable arguments needed for builtin runtime calls and then end up overwriting some of the callee saved registers. This can also happen in non-leaf functions, but is less likely of course. So in addition to the explicit call expressions this patch also takes the built-in expression parameter list of the IR CALL into account. It may end up calculating a maxNumberOfArguments value that is slightly too high, but we pay a relatively small price for that compared to doing a second pass over the IR or trying to patch offsets after code generation. Change-Id: Ic7cddd38952fdccbb1d636bc4d5578c2276fc1c9 Reviewed-by: Lars Knoll --- src/v4/qv4jsir.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/v4/qv4jsir.cpp b/src/v4/qv4jsir.cpp index 3c55131..120a5d4 100644 --- a/src/v4/qv4jsir.cpp +++ b/src/v4/qv4jsir.cpp @@ -665,6 +665,10 @@ Expr *BasicBlock::CALL(Expr *base, ExprList *args) { Call *e = function->New(); e->init(base, args); + int argc = 0; + for (ExprList *it = args; it; it = it->next) + ++argc; + function->maxNumberOfArguments = qMax(function->maxNumberOfArguments, argc); return e; } -- 2.7.4
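Review bot: the counting loop in BasicBlock::CALL carries no comment explaining why every CALL's argument list now feeds `function->maxNumberOfArguments`; the reasoning (the frame must reserve argument slots for builtin runtime calls even when the function contains no JS call expressions, otherwise the variable-argument area spills into callee-saved registers) exists only in the commit message. A one-line comment above `int argc = 0;`, e.g. `// builtin runtime calls need argument slots too; size the frame for the largest list`, would keep that rationale next to the code. Since the symptom is stack corruption rather than a visible error, a regression test with a leaf function that calls only builtins would catch this sizing logic regressing again. One more check: `qMax` is a template over a single type, so this compiles only if `maxNumberOfArguments` is an `int` like `argc`; if it is declared with another type, a cast or a matching declaration for `argc` is needed.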