Context Navigation

Parser.cpp

Timestamp:

Feb 1, 2012, 4:08:00 PM (13 years ago)

Author:

Message:

calling function on catch block scope containing an eval result in wrong this value being passed
https://bugs.webkit.org/show_bug.cgi?id=77581

Reviewed by Oliver Hunt.

javascript:function F(){ return 'F' in this; }; try { throw F; } catch (e) { eval(""); alert(e()); }

Source/JavaScriptCore:

(JSC::TryNode::emitBytecode):

(JSC::Interpreter::execute):

(JSC::ASTBuilder::createTryStatement):

(JSC::TryNode::TryNode):

(TryNode):

(JSC::::parseTryStatement):

(JSC::SyntaxChecker::createTryStatement):

(JSObject):
(JSC::JSObject::isStaticScopeObject):
(JSC):

LayoutTests:

(checkThis):
(testEvalInCatch):

File:

-              r106297
+              r106512
     TreeStatement tryBlock = 0;
     const Identifier* ident = &m_globalData->propertyNames->nullIdentifier;
-    bool catchHasEval = false;
     TreeStatement catchBlock = 0;
     TreeStatement finallyBlock = 0;
 …
         consumeOrFail(CLOSEPAREN);
         matchOrFail(OPENBRACE);
-        int initialEvalCount = context.evalCount();
         catchBlock = parseBlockStatement(context);
         failIfFalseWithMessage(catchBlock, "'try' must have a catch or finally block");
-        catchHasEval = initialEvalCount != context.evalCount();
         failIfFalse(popScope(catchScope, TreeBuilder::NeedsFreeVariableInfo));
+    }
 …
+    }
     failIfFalse(catchBlock || finallyBlock);
     return context.createTryStatement(m_lexer->lastLineNumber(), tryBlock, ident, catchHasEval, catchBlock, finallyBlock, firstLine, lastLine);
+    return context.createTryStatement(m_lexer->lastLineNumber(), tryBlock, ident, catchBlock, finallyBlock, firstLine, lastLine);
+}

Note: See TracChangeset for help on using the changeset viewer.