]> git.saurik.com Git - apple/javascriptcore.git/blobdiff - jit/JITStubs.cpp
projects / apple / javascriptcore.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
JavaScriptCore-584.tar.gz
[apple/javascriptcore.git] / jit / JITStubs.cpp
diff --git a/jit/JITStubs.cpp b/jit/JITStubs.cpp
index bf5168b45c2d8907fb51292c9fea081c585a7898..4706eb148a8ed4d8ca763cd299a40f4801c8ae59 100644 (file)
--- a/jit/JITStubs.cpp
+++ b/jit/JITStubs.cpp
@@ -2157,6 +2157,7 @@ DEFINE_STUB_FUNCTION(int, op_load_varargs)
     if (!arguments) {
         int providedParams = callFrame->registers()[RegisterFile::ArgumentCount].i() - 1;
         argCount = providedParams;
+        argCount = min(argCount, static_cast<uint32_t>(Arguments::MaxArguments));
         int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
         Register* newEnd = callFrame->registers() + sizeDelta;
         if (!registerFile->grow(newEnd) || ((newEnd - callFrame->registers()) != sizeDelta)) {
@@ -2192,6 +2193,7 @@ DEFINE_STUB_FUNCTION(int, op_load_varargs)
         if (asObject(arguments)->classInfo() == &Arguments::info) {
             Arguments* argsObject = asArguments(arguments);
             argCount = argsObject->numProvidedArguments(callFrame);
+            argCount = min(argCount, static_cast<uint32_t>(Arguments::MaxArguments));
             int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
             Register* newEnd = callFrame->registers() + sizeDelta;
             if (!registerFile->grow(newEnd) || ((newEnd - callFrame->registers()) != sizeDelta)) {
@@ -2202,6 +2204,7 @@ DEFINE_STUB_FUNCTION(int, op_load_varargs)
         } else if (isJSArray(&callFrame->globalData(), arguments)) {
             JSArray* array = asArray(arguments);
             argCount = array->length();
+            argCount = min(argCount, static_cast<uint32_t>(Arguments::MaxArguments));
             int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
             Register* newEnd = callFrame->registers() + sizeDelta;
             if (!registerFile->grow(newEnd) || ((newEnd - callFrame->registers()) != sizeDelta)) {
@@ -2212,6 +2215,7 @@ DEFINE_STUB_FUNCTION(int, op_load_varargs)
         } else if (asObject(arguments)->inherits(&JSArray::info)) {
             JSObject* argObject = asObject(arguments);
             argCount = argObject->get(callFrame, callFrame->propertyNames().length).toUInt32(callFrame);
+            argCount = min(argCount, static_cast<uint32_t>(Arguments::MaxArguments));
             int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
             Register* newEnd = callFrame->registers() + sizeDelta;
             if (!registerFile->grow(newEnd) || ((newEnd - callFrame->registers()) != sizeDelta)) {
mirror of JavaScriptCore