From 7a125135e1ef592aa20a29f7aac1a6117a6b1770 Mon Sep 17 00:00:00 2001
From: Simon Hausmann <simon.hausmann@qt.io>
Date: Wed, 15 Mar 2017 08:25:56 +0100
Subject: Protect CallContext member usage against word size differences

Ensure the offsets we're taking from ExecutionContext members in the JIT
code generator can be translated from host architecture sizes to target
architecture, using assertions and a memory layout that we already have
in the dev branch with commit 4de7e48ab160dacc7a09360e80264eac4945a8f4.

Change-Id: I1b26ef265234b05a6e5c8688a8aad2f33cd28783
Task-number: QTBUG-58666
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
---
 .../qmltooling/qmldbg_debugger/qv4datacollector.cpp |  2 +-
 src/qml/jit/qv4assembler.cpp                        |  3 ++-
 src/qml/jsruntime/qv4context_p.h                    | 21 ++++++++++++++++++---
 3 files changed, 21 insertions(+), 5 deletions(-)

(limited to 'src')

diff --git a/src/plugins/qmltooling/qmldbg_debugger/qv4datacollector.cpp b/src/plugins/qmltooling/qmldbg_debugger/qv4datacollector.cpp
index 5d2e754057..8075b7c067 100644
--- a/src/plugins/qmltooling/qmldbg_debugger/qv4datacollector.cpp
+++ b/src/plugins/qmltooling/qmldbg_debugger/qv4datacollector.cpp
@@ -95,7 +95,7 @@ QVector<QV4::Heap::ExecutionContext::ContextType> QV4DataCollector::getScopeType
 
     QV4::ScopedContext it(scope, sctxt);
     for (; it; it = it->d()->outer)
-        types.append(it->d()->type);
+        types.append(QV4::Heap::ExecutionContext::ContextType(it->d()->type));
 
     return types;
 }
diff --git a/src/qml/jit/qv4assembler.cpp b/src/qml/jit/qv4assembler.cpp
index 66cf502bde..5c90aba464 100644
--- a/src/qml/jit/qv4assembler.cpp
+++ b/src/qml/jit/qv4assembler.cpp
@@ -290,7 +290,8 @@ typename Assembler<TargetConfiguration>::Pointer Assembler<TargetConfiguration>:
     } break;
     case IR::ArgLocal::Local:
     case IR::ArgLocal::ScopedLocal: {
-        loadPtr(Address(baseReg, qOffsetOf(CallContext::Data, locals)), baseReg);
+        const qint32 localsOffset = targetStructureOffset(Heap::CallContext::baseOffset + offsetof(Heap::CallContextData, locals));
+        loadPtr(Address(baseReg, localsOffset), baseReg);
         offset = al->index * sizeof(Value);
     } break;
     default:
diff --git a/src/qml/jsruntime/qv4context_p.h b/src/qml/jsruntime/qv4context_p.h
index 968f625e5c..c769dcd142 100644
--- a/src/qml/jsruntime/qv4context_p.h
+++ b/src/qml/jsruntime/qv4context_p.h
@@ -150,12 +150,28 @@ struct ExecutionContext : Base, public ExecutionContextData {
         lineNumber = -1;
     }
 
-    ContextType type : 8;
+    quint8 type;
     bool strictMode : 8;
+#if QT_POINTER_SIZE == 8
+    quint8 padding_[6];
+#else
+    quint8 padding_[2];
+#endif
 };
 V4_ASSERT_IS_TRIVIAL(ExecutionContext)
+Q_STATIC_ASSERT(sizeof(ExecutionContext) == sizeof(Base) + sizeof(ExecutionContextData) + QT_POINTER_SIZE);
+
+struct CallContextData {
+    Value *locals;
+};
+
+Q_STATIC_ASSERT(std::is_standard_layout<CallContextData>::value);
+Q_STATIC_ASSERT(offsetof(CallContextData, locals) == 0);
 
-struct CallContext : ExecutionContext {
+struct CallContextSizeStruct : public ExecutionContext, public CallContextData {};
+
+struct CallContext : ExecutionContext, public CallContextData {
+    static Q_CONSTEXPR size_t baseOffset = sizeof(CallContextSizeStruct) - sizeof(CallContextData);
     static CallContext *createSimpleContext(ExecutionEngine *v4);
     void freeSimpleCallContext();
 
@@ -168,7 +184,6 @@ struct CallContext : ExecutionContext {
 
     Pointer<FunctionObject> function;
     QV4::Function *v4Function;
-    Value *locals;
     Pointer<Object> activation;
 };
 V4_ASSERT_IS_TRIVIAL(CallContext)
-- 
cgit v1.2.3