Changeset 161038 in webkit
- Timestamp: Dec 23, 2013, 4:49:45 PM (11 years ago)
- Location: branches/jsCStack/Source/JavaScriptCore
- Files: 3 edited
branches/jsCStack/Source/JavaScriptCore/ChangeLog
r161036 r161038 1 2013-12-23 Mark Lam <mark.lam@apple.com> 2 3 CStack:Fixed JSStack::disableErrorStackReserve() and JSStack::installTrapsAfterFrame(). 4 https://bugs.webkit.org/show_bug.cgi?id=126191. 5 6 Not yet reviewed. 7 8 1. JSStack::disableErrorStackReserve() was wrongly comparing m_end with m_useableTop. 9 Fixed the comparison. 10 2. JSStack::installTrapsAfterFrame() was wrongly overwriting the top slot of the top 11 frame. Fixed to start the trap words at the slot below the top slot in the top 12 frame (as in at lower memory below the allocated stack memory above it). 13 14 * interpreter/JSStack.cpp: 15 (JSC::JSStack::disableErrorStackReserve): 16 * interpreter/JSStackInlines.h: 17 (JSC::JSStack::installTrapsAfterFrame): 18 1 19 2013-12-23 Mark Lam <mark.lam@apple.com> 2 20 -
branches/jsCStack/Source/JavaScriptCore/interpreter/JSStack.cpp
r161036 r161038 161 161 // enabled the reserve was not previously in use. Hence, it is safe to 162 162 // shrink back to that m_useableTop. 163 if (m_end < m_useableTop) {163 if (m_end + 1 < m_useableTop) { 164 164 ASSERT(m_topCallFrame->topOfFrame() > m_useableTop); 165 165 shrink(m_useableTop); -
branches/jsCStack/Source/JavaScriptCore/interpreter/JSStackInlines.h
r161036 r161038 296 296 // Lay the traps: 297 297 int32_t* p = startOfTrap; 298 while ( p >endOfTrap)299 *p --= 0xabadcafe; // A bad word to trigger a crash if deref'ed.298 while (--p >= endOfTrap) 299 *p = 0xabadcafe; // A bad word to trigger a crash if deref'ed. 300 300 } 301 301 #endif // ENABLE(DEBUG_JSSTACK)
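Review bot: In interpreter/JSStack.cpp, the new condition `m_end + 1 < m_useableTop` has no comment explaining the one-slot offset, and the ChangeLog entry only says the comparison was wrong. Please extend the comment above the `if` to state what m_end points at relative to the last usable slot, so the `+ 1` is not mistaken for an off-by-one later. The ASSERT on the following line still compares `m_topCallFrame->topOfFrame()` against `m_useableTop` without any adjustment; it is worth confirming that topOfFrame() and m_end follow the same convention, otherwise the assertion and the condition disagree by one slot.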
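Review bot: In interpreter/JSStackInlines.h, the rewritten loop `while (--p >= endOfTrap)` moves both ends of the trap range, but the ChangeLog only describes the change at the top. The old loop wrote from startOfTrap down to endOfTrap + 1; the new one writes from startOfTrap - 1 down to endOfTrap inclusive, so `*endOfTrap` is now overwritten where it was not before. Please confirm that endOfTrap is a slot that may be written, and document next to the loop that startOfTrap is exclusive and endOfTrap is inclusive. Two smaller points: the final `--p` forms a pointer one below endOfTrap before the comparison fails, which is only well defined if endOfTrap is not the first element of the underlying allocation, and `0xabadcafe` does not fit in a signed `int32_t`, so an explicit cast or a `uint32_t*` would make the stored pattern unambiguous.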