Changeset 40396 in webkit
- Timestamp: Jan 29, 2009 7:09:35 PM
- Location: trunk/JavaScriptCore
- Files: 2 edited
trunk/JavaScriptCore/ChangeLog
r40345 r40396 1 2009-01-29 Cameron Zwarich <cwzwarich@uwaterloo.ca> 2 3 Reviewed by Oliver Hunt. 4 5 Bug 23551: Crash on page load with profiler enabled and running 6 <https://bugs.webkit.org/show_bug.cgi?id=23551> 7 <rdar://problem/6529521> 8 9 Interpreter::execute(FunctionBodyNode*, ...) calls Profiler::didExecute() 10 with a stale CallFrame. If some part of the scope chain has already been 11 freed, Profiler::didExecute() will crash when attempting to get the lexical 12 global object. The fix is to make the didExecute() call use the caller's 13 CallFrame, not the one made for the function call. In this case, the 14 willExecute() call should also be changed to match. 15 16 Since this occurs in the actual inspector JS, it is difficult to reduce. 17 I couldn't make a layout test. 18 19 * interpreter/Interpreter.cpp: 20 (JSC::Interpreter::execute): 21 1 22 2009-01-28 Sam Weinig <sam@webkit.org> 2 23 -
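Review bot: the fix lands without any regression test; the entry itself says the crash only reproduces with the real Inspector JS and could not be reduced to a layout test. Since the hunk in Interpreter.cpp is a two-token change that a later cleanup could easily revert for "symmetry", it would help to record in this entry the manual reproduction (profiler enabled and running, then the page load that triggers Profiler::didExecute() on the freed scope chain) so a reviewer can at least verify the fix by hand, and to say explicitly that the change to willExecute() is for consistency rather than a second crash.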
trunk/JavaScriptCore/interpreter/Interpreter.cpp
r40111 r40396 922 922 Profiler** profiler = Profiler::enabledProfilerReference(); 923 923 if (*profiler) 924 (*profiler)->willExecute( newCallFrame, function);924 (*profiler)->willExecute(callFrame, function); 925 925 926 926 JSValuePtr result; … … 940 940 941 941 if (*profiler) 942 (*profiler)->didExecute( newCallFrame, function);942 (*profiler)->didExecute(callFrame, function); 943 943 944 944 m_registerFile.shrink(oldEnd);
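Review bot: at line 924 the willExecute() notification now receives the caller's callFrame instead of the callee's newCallFrame, with no comment explaining why. Suggest a one-line comment above the `if (*profiler)` at line 923 along the lines of "pass the caller's frame: newCallFrame may be stale by the time didExecute() runs", so the intent recorded in the ChangeLog is visible at the call site and the matching pair is not "fixed" back to newCallFrame later. It is also worth confirming that Profiler::willExecute() only needs the frame to reach the lexical global object and its profile, since any consumer that inspected the callee's own frame will now see the caller's.

Review bot: the profiler is re-read through `*profiler` at line 941 independently of the check at line 923, so if the function that just executed started or stopped the profiler, didExecute(callFrame, function) at line 942 can run without a matching willExecute(), or willExecute() without a matching didExecute(). If the profiler expects these notifications to be paired, capture the value once (`Profiler* p = *profiler;`) before the call and use it for both; if unbalanced calls are intentionally tolerated, a short comment saying so would save the next reader the same question. The switch to callFrame at line 942 is the actual fix and is correct in its own terms: newCallFrame has finished executing by this point and, per the ChangeLog, parts of its scope chain may already be freed.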