Ignore:
Timestamp:
Dec 31, 2008, 6:33:43 PM (16 years ago)
Author:
[email protected]
Message:

[jsfunfuzz] Computed exception offset wrong when first instruction is attempt to resolve deleted eval
<https://bugs.webkit.org/show_bug.cgi?id=23062>

Reviewed by Gavin Barraclough.

This was caused by the expression information for the initial resolve of
eval not being emitted. If this resolve was the first instruction that
could throw an exception the information search would fail leading to an
assertion failure. If it was not the first throwable opcode the wrong
expression information would used.

Fix is simply to emit the expression info.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/JavaScriptCore/parser/Nodes.cpp

    r39524 r39533  
    588588    RefPtr<RegisterID> func = generator.tempDestination(dst);
    589589    RefPtr<RegisterID> thisRegister = generator.newTemporary();
     590    generator.emitExpressionInfo(divot() - startOffset() + 4, 4, 0);
    590591    generator.emitResolveWithBase(thisRegister.get(), func.get(), generator.propertyNames().eval);
    591592    return generator.emitCallEval(generator.finalDestination(dst, func.get()), func.get(), thisRegister.get(), m_args.get(), divot(), startOffset(), endOffset());
Note: See TracChangeset for help on using the changeset viewer.