Context Navigation

← Previous Change
Next Change →

Nodes.cpp

Timestamp:

Mar 18, 2009, 12:24:39 AM (16 years ago)

Author:

Message:

<rdar://problem/6692138> REGRESSION (Safari 4): Incorrect function return value when using IE "try ... finally" memory leak work-around (24654)
<https://bugs.webkit.org/show_bug.cgi?id=24654>

Reviewed by Cameron Zwarich.

If the return value for a function is in a local register we need
to copy it before executing any finalisers, otherwise it is possible
for the finaliser to clobber the result.

File:

: 1 edited

trunk/JavaScriptCore/parser/Nodes.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/JavaScriptCore/parser/Nodes.cpp

-              r41342
+              r41806
         dst = 0;
     RegisterID* r0 = m_value ? generator.emitNode(dst, m_value.get()) : generator.emitLoad(dst, jsUndefined());
+    RefPtr<RegisterID> returnRegister;
     if (generator.scopeDepth()) {
         RefPtr<Label> l0 = generator.newLabel();
+        if (generator.hasFinaliser() && !r0->isTemporary()) {
+            returnRegister = generator.emitMove(generator.newTemporary(), r0);
+            r0 = returnRegister.get();
+        }
         generator.emitJumpScopes(l0.get(), 0);
         generator.emitLabel(l0.get());

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 41806 in webkit for trunk/JavaScriptCore/parser/Nodes.cpp

Legend:

trunk/JavaScriptCore/parser/Nodes.cpp

Download in other formats: