Changeset 173031 in webkit


Timestamp:
Aug 27, 2014 4:06:00 PM
Author:
commit-queue@webkit.org
Message:

Ensure that the call frame passed from JIT code via JSC::operationCallEval to JSC::eval always contains the valid scope chain.
https://bugs.webkit.org/show_bug.cgi?id=136313

Patch by Akos Kiss <akiss@inf.u-szeged.hu> on 2014-08-27
Reviewed by Michael Saboff.

Do not rely on calling conventions to fill in the CallerFrame component
of the execCallee parameter of JSC::operationCallEval.

  • jit/JITOperations.cpp:
Location:
trunk/Source/JavaScriptCore
Files:
2 edited

  • trunk/Source/JavaScriptCore/ChangeLog

    r173026 r173031  
     12014-08-27  Akos Kiss  <akiss@inf.u-szeged.hu>
     2
     3        Ensure that the call frame passed from JIT code via JSC::operationCallEval to JSC::eval always contains the valid scope chain.
     4        https://bugs.webkit.org/show_bug.cgi?id=136313
     5
     6        Reviewed by Michael Saboff.
     7
     8        Do not rely on calling conventions to fill in the CallerFrame component
     9        of the execCallee parameter of JSC::operationCallEval.
     10
     11        * jit/JITOperations.cpp:
     12
    1132014-08-27  Saam Barati  <sbarati@apple.com>
    214
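Review bot: The ChangeLog entry at `* jit/JITOperations.cpp:` lists only the file; WebKit ChangeLog convention is to name the changed function beneath it, e.g. `(JSC::operationCallEval):` with a short note that the caller frame is now set explicitly, so the entry can be matched to the diff without reading the source hunk.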
  • trunk/Source/JavaScriptCore/jit/JITOperations.cpp

    r172932 r173031  
    612612    execCallee->setScope(exec->scope());
    613613    execCallee->setCodeBlock(0);
     614    execCallee->setCallerFrame(exec);
    614615
    615616    if (!isHostFunction(execCallee->calleeAsValue(), globalFuncEval))
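Review bot: The new `execCallee->setCallerFrame(exec);` sits correctly beside `setScope(exec->scope())` and `setCodeBlock(0)`, so every field of the callee frame that `JSC::eval` later reads is now written here rather than assumed to have been left by the JIT calling convention; a one-line comment above it pointing at the bug (136313) would explain to future readers why this store must not be dropped, and it is worth checking the rest of this function for any other `execCallee` field still populated only by convention.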