Changeset 34751 in webkit


Timestamp:
Jun 23, 2008 5:19:25 PM (16 years ago)
Author:
cwzwarich@webkit.org
Message:

2008-06-23 Cameron Zwarich <cwzwarich@uwaterloo.ca>

Reviewed by Oliver.

Bug 19716: REGRESSION (SquirrelFish): Reproducible crash after entering a username at mint.com
<https://bugs.webkit.org/show_bug.cgi?id=19716>

When unwinding callframes for exceptions, check whether the callframe
was created by a reentrant native call to JavaScript after tearing off
the local variables instead of before.

JavaScriptCore:

  • VM/Machine.cpp: (KJS::Machine::unwindCallFrame):

LayoutTests:

  • fast/js/reentrant-call-unwind-expected.txt: Added.
  • fast/js/reentrant-call-unwind.html: Added.
  • fast/js/resources/reentrant-call-unwind.js: Added.
Location:
trunk
Files:
3 added
3 edited

  • trunk/JavaScriptCore/ChangeLog

    r34747 r34751  
     12008-06-23  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
     2
     3        Reviewed by Oliver.
     4
     5        Bug 19716: REGRESSION (SquirrelFish): Reproducible crash after entering a username at mint.com
     6        <https://bugs.webkit.org/show_bug.cgi?id=19716>
     7
     8        When unwinding callframes for exceptions, check whether the callframe
     9        was created by a reentrant native call to JavaScript after tearing off
     10        the local variables instead of before.
     11
     12        * VM/Machine.cpp:
     13        (KJS::Machine::unwindCallFrame):
     14
    1152008-06-23  Mark Rowe  <mrowe@apple.com>
    216
  • trunk/JavaScriptCore/VM/Machine.cpp

    r34696 r34751  
    576576    if (isGlobalCallFrame(registerBase, r))
    577577        return false;
    578 
    579     codeBlock = callFrame[CallerCodeBlock].u.codeBlock;
    580     if (!codeBlock)
    581         return false;
    582 
     578   
    583579    // If this call frame created an activation, tear it off.
    584580    if (JSActivation* activation = static_cast<JSActivation*>(callFrame[OptionalCalleeActivation].u.jsValue)) {
     
    586582        activation->copyRegisters();
    587583    }
     584   
     585    codeBlock = callFrame[CallerCodeBlock].u.codeBlock;
     586    if (!codeBlock)
     587        return false;
    588588
    589589    k = codeBlock->jsValues.data();
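Review bot: the whole fix is that the early `return false` on a null `callFrame[CallerCodeBlock].u.codeBlock` now happens only after the activation tear-off, so a frame entered through a reentrant native call no longer skips `activation->copyRegisters()` on the unwind path; nothing in the code records that this ordering is load-bearing, and the original order (compute `codeBlock`, bail out, then tear off) looks like the natural one, so a future cleanup could easily swap it back. Suggest a one-line comment above the moved block, e.g. `// Must run after the activation tear-off above: a null caller codeBlock means a reentrant native call, and the activation still has to copy its registers before we unwind.`, and ideally a reference to the regression test added in this changeset (`fast/js/reentrant-call-unwind.html`).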
  • trunk/LayoutTests/ChangeLog

    r34745 r34751  
     12008-06-23  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
     2
     3        Reviewed by Oliver.
     4
     5        Tests for:
     6
     7        Bug 19716: REGRESSION (SquirrelFish): Reproducible crash after entering a username at mint.com
     8        <https://bugs.webkit.org/show_bug.cgi?id=19716>
     9
     10        * fast/js/reentrant-call-unwind-expected.txt: Added.
     11        * fast/js/reentrant-call-unwind.html: Added.
     12        * fast/js/resources/reentrant-call-unwind.js: Added.
     13
    1142008-06-23  David Kilzer  <ddkilzer@apple.com>
    215