authorCarol Eidt <carol.eidt@microsoft.com>2020-02-13 14:27:49 -0800
committerGitHub <noreply@github.com>2020-02-13 14:27:49 -0800
commitefcf98fc7885dc423bdf61b3423dddc63c36075f (patch)
treec39644aaa7f2e717383860b7b0eb12760e2ec3e6 /src
parenta86e825a641cf637d641e35f9ca88b65fe7ae801 (diff)
Port of dotnet/runtime#1059 to 3.1 branch (#27986)
This is the fix for #27924. This is a GC hole bug that was found externally, #27590. The cause is that the JIT was using the target type of the subtract when it needed to make a copy of the source, but it needs to use the source type. ## Customer Impact Corruption of state that is non-deterministic and hard to track down. ## Regression? Not a recent regression, but exposed by Unsafe.ByteOffset. ## Testing The fix has been verified in the runtime repo. ## Risk Low: The fix is straightforward and only impacts 3 lines of code.
Diffstat (limited to 'src')
-rw-r--r--src/jit/codegenxarch.cpp5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/jit/codegenxarch.cpp b/src/jit/codegenxarch.cpp
index 521aaca407..a235e41922 100644
--- a/src/jit/codegenxarch.cpp
+++ b/src/jit/codegenxarch.cpp
@@ -954,9 +954,10 @@ void CodeGen::genCodeForBinary(GenTreeOp* treeNode)
// reg3 = reg3 op reg2
else
{
- inst_RV_RV(ins_Copy(targetType), targetReg, op1reg, targetType);
+ var_types op1Type = op1->TypeGet();
+ inst_RV_RV(ins_Copy(op1Type), targetReg, op1reg, op1Type);
regSet.verifyRegUsed(targetReg);
- gcInfo.gcMarkRegPtrVal(targetReg, targetType);
+ gcInfo.gcMarkRegPtrVal(targetReg, op1Type);
dst = treeNode;
src = op2;
}
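Review bot: The new `op1Type` local in the else branch has no comment saying why the copy and `gcMarkRegPtrVal` must use the source type rather than `targetType`, which is the invariant this fix restores. Going by the commit description, the subtract's result type can differ from op1's type, so between the copy and the arithmetic instruction `targetReg` holds op1's value and has to be reported to the GC as such. I would add `// Copy and GC-track op1 by its own type: targetReg holds op1's value (possibly a GC ref/byref) until the op executes, even when targetType is not a GC type.` above the declaration. The diffstat shows only codegenxarch.cpp changed, so this port carries no regression test; porting the one from the runtime repo, if it exists, would guard against the same GC hole returning. genCodeForBinary starts and ends outside the hunk, so how `targetReg` is re-marked once the result is produced is not visible here.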