Context Navigation

← Previous Change
Next Change →

JSActivation.cpp

Timestamp:

May 23, 2008, 4:44:40 PM (17 years ago)

Author:

[email protected]

Message:

2008-05-23 Anders Carlsson <[email protected]>

Reviewed by Geoff.

<rdar://problem/5959886> REGRESSION: Assertion failure in JSImmediate::toString when loading GMail (19217)

Change List to store a JSValue* pointer + an offset instead of a JSValue pointer to protect against the case where
a register file changes while a list object points to its buffer.

VM/Machine.cpp: (KJS::Machine::privateExecute):
kjs/JSActivation.cpp: (KJS::JSActivation::createArgumentsObject):
kjs/list.cpp: (KJS::List::getSlice):
kjs/list.h: (KJS::List::List): (KJS::List::at): (KJS::List::append): (KJS::List::begin): (KJS::List::end): (KJS::List::buffer):

File:

: 1 edited

trunk/JavaScriptCore/kjs/JSActivation.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/JavaScriptCore/kjs/JSActivation.cpp

r33979	r34095
186	186	int argc;
187	187	exec->machine()->getFunctionAndArguments(registerBase(), callFrame, function, argv, argc);
188		List args(~~&argv->u.jsValue~~, argc);
	188	List args(reinterpret_cast<JSValue**>(registerBase()), argv - registerBase(), argc);
189	189	return new Arguments(exec, function, args, this);
190	190	}

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 34095 in webkit for trunk/JavaScriptCore/kjs/JSActivation.cpp

Legend:

trunk/JavaScriptCore/kjs/JSActivation.cpp

Download in other formats: