Context Navigation

interpreter

Timestamp:

Sep 27, 2012, 5:50:34 PM (13 years ago)

Author:

Message:

Fixed CallFrameClosure::resetCallFrame() to use the valid
range of argument index values.
https://bugs.webkit.org/show_bug.cgi?id=97836.

Reviewed by Gavin Barraclough.

(ExecState):

(JSC::CallFrameClosure::resetCallFrame):

Location:

trunk/Source/JavaScriptCore/interpreter

Files:

-              r129453
+              r129827
         static int argumentOffsetIncludingThis(int argument) { return s_thisArgumentOffset - argument; }
+        // In the following (argument() and setArgument()), the 'argument'
+        // parameter is the index of the arguments of the target function of
+        // this frame. The index starts at 0 for the first arg, 1 for the
+        // second, etc.
+        //
+        // The arguments (in this case) do not include the 'this' value.
+        // arguments(0) will not fetch the 'this' value. To get/set 'this',
+        // use thisValue() and setThisValue() below.
         JSValue argument(size_t argument)
+        {

-              r127202
+              r129827
+    {
         newCallFrame->setScope(scope);
+        for (int i = argumentCountIncludingThis; i < parameterCountIncludingThis; ++i)
+        // setArgument() takes an arg index that starts from 0 for the first
+        // argument after the 'this' value. Since both argumentCountIncludingThis
+        // and parameterCountIncludingThis includes the 'this' value, we need to
+        // subtract 1 from them to make i a valid argument index for setArgument().
+        for (int i = argumentCountIncludingThis-1; i < parameterCountIncludingThis-1; ++i)
             newCallFrame->setArgument(i, jsUndefined());
+    }

Note: See TracChangeset for help on using the changeset viewer.