Changeset 29542 in webkit for trunk/JavaScriptCore/kjs/function.cpp

Timestamp:

Jan 16, 2008, 3:16:53 PM (17 years ago)

Author:

[email protected]

Message:

JavaScriptCore:

Reviewed by Maciej & Darin.

Fixes Bug 16868: Gmail crash

and Bug 16871: Crash when loading apple.com/startpage

<​http://bugs.webkit.org/show_bug.cgi?id=16868>
<rdar://problem/5686108>

<​http://bugs.webkit.org/show_bug.cgi?id=16871>
<rdar://problem/5686670>

Adds ActivationImp tear-off for cross-window eval() and fixes an
existing garbage collection issue exposed by the ActivationImp tear-off
patch (r29425) that can occur when an ExecState's m_callingExec is
different than its m_savedExec.

• kjs/ExecState.cpp: (KJS::ExecState::mark):
• kjs/function.cpp: (KJS::GlobalFuncImp::callAsFunction):

LayoutTests:

Reviewed by Maciej.

Added a test that checks whether ActivationImp tear-off occurs before
a cross-window eval(). Relevant to

Bug 16868: Gmail crash

<​http://bugs.webkit.org/show_bug.cgi?id=16868>
<rdar://problem/5686108>

• fast/js/window-eval-tearoff-expected.txt: Added.
• fast/js/window-eval-tearoff.html: Added.

File:

• trunk/JavaScriptCore/kjs/function.cpp (modified) (1 diff)

trunk/JavaScriptCore/kjs/function.cpp

@@ -751 +751 @@
 
         // enter a new execution context
-        if (!switchGlobal)
-            exec->dynamicGlobalObject()->tearOffActivation(exec);
-        
+        exec->dynamicGlobalObject()->tearOffActivation(exec);
         JSGlobalObject* globalObject = switchGlobal ? static_cast<JSGlobalObject*>(thisObj) : exec->dynamicGlobalObject();
         ExecState newExec(globalObject, evalNode.get(), exec);