From: Debian Qt/KDE Maintainers Date: Mon, 25 Apr 2022 11:00:32 +0000 (+0100) Subject: fix JSCore segmentation fault on 64-bit big endian systems X-Git-Tag: archive/raspbian/5.212.0_alpha4-16+rpi1^2~2 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=d2a06cca6b4b9e0de9095904a0034b4d65d2224c;p=qtwebkit-opensource-src.git fix JSCore segmentation fault on 64-bit big endian systems Origin: backport, https://github.com/webkit/webkit/commit/3fdde71c7d95d758 Reviewed-by: Frank Heimes Last-Update: 2021-11-24 In CodeBlock.cpp the code preparing the operands of op_get_from_scope writes the property offset as pointer size (hence 64 bit) value: 2141: instructions[i + 6].u.pointer = reinterpret_cast(op.operand); while the same slot is accessed later by the jitted code as 32 bit integer: macro getProperty(slow) loadisFromInstruction(6, t1) This fails on big endian targets since the integer access takes the higher part of the 64 bit value. Gbp-Pq: Name jscore_big_endian.diff --- diff --git a/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm b/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm index 4b3febb3..2ba7dba5 100644 --- a/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm +++ b/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm @@ -2020,7 +2020,7 @@ macro loadWithStructureCheck(operand, slowPath) end macro getProperty(slow) - loadisFromInstruction(6, t1) + loadpFromInstruction(6, t1) loadPropertyAtVariableOffset(t1, t0, t2, slow) valueProfile(t2, 7, t0) loadisFromInstruction(1, t0)
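Review bot: the description calls the reader "the jitted code", but the only file touched is the LLInt assembly (Source/JavaScriptCore/llint/LowLevelInterpreter64.asm), so the wording should say the LLInt; the change itself is sound, since replacing `loadisFromInstruction(6, t1)` with `loadpFromInstruction(6, t1)` makes the read width match the pointer-sized write quoted from CodeBlock.cpp (`instructions[i + 6].u.pointer = ...`), which is exactly the big-endian half-word mismatch the message describes. Two follow-ups before merging: confirm that no other consumer of operand slot 6 (elsewhere in this file or in the JIT paths the message mentions) still performs a 32-bit load, because the same fault would recur there on big-endian hosts, and add a short comment above the new `loadpFromInstruction(6, t1)` stating that slot 6 holds a pointer-sized value, so a later cleanup does not quietly revert it to the 32-bit load.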