Changeset 147798 in webkit for trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp

Timestamp:

Apr 5, 2013, 2:34:15 PM (12 years ago)

Author:

[email protected]

Message:

If CallFrame::trueCallFrame() knows that it's about to read garbage instead of a valid CodeOrigin/InlineCallFrame, then it should give up and return 0 and all callers should be robust against this
​https://bugs.webkit.org/show_bug.cgi?id=114062

Reviewed by Oliver Hunt.

• bytecode/CodeBlock.h:

(JSC::CodeBlock::canGetCodeOrigin):
(CodeBlock):

• interpreter/CallFrame.cpp:

(JSC::CallFrame::trueCallFrame):

• interpreter/Interpreter.cpp:

(JSC::Interpreter::getStackTrace):

File:

• trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp

@@ -689 +689 @@
 
     callFrame = callFrame->trueCallFrameFromVMCode();
+    if (!callFrame)
+        return;
 
     while (callFrame && callFrame != CallFrame::noCaller()) {