Changeset 39198 in webkit for trunk/JavaScriptCore/debugger/DebuggerCallFrame.cpp

Timestamp:

Dec 10, 2008, 10:27:36 PM (16 years ago)

Author:

[email protected]

Message:

2008-12-10 Cameron Zwarich <​[email protected]>

Reviewed by Oliver Hunt.

Bug 22734: Debugger crashes when stepping into a function call in a return statement
<​https://bugs.webkit.org/show_bug.cgi?id=22734>
<rdar://problem/6426796>

• bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::BytecodeGenerator): The DebuggerCallFrame uses the 'this' value stored in a callFrame, so op_convert_this should be emitted at the beginning of a function body when generating bytecode with debug hooks.
• debugger/DebuggerCallFrame.cpp: (JSC::DebuggerCallFrame::thisObject): The assertion inherent in the call to asObject() here is valid, because any 'this' value should have been converted to a JSObject*.

File:

• trunk/JavaScriptCore/debugger/DebuggerCallFrame.cpp (modified) (1 diff)

trunk/JavaScriptCore/debugger/DebuggerCallFrame.cpp

@@ -61 +61 @@
         return 0;
 
-    // FIXME: Why is it safe to assume this is an object?
     return asObject(m_callFrame->thisValue());
 }