Changeset 51672 in webkit for trunk/JavaScriptCore/runtime


Ignore:
Timestamp:
Dec 3, 2009, 6:17:46 PM (15 years ago)
Author:
[email protected]
Message:

REGRESSION(4.0.3-48777): Crash in JSC::ExecState::propertyNames() (Debug-only?)
https://bugs.webkit.org/show_bug.cgi?id=32133

Reviewed by Gavin Barraclough.

Work around odd GCC-ism and correct the scopechain for use by
calls made while a cachedcall is active on the callstack.

Location:
trunk/JavaScriptCore/runtime
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • trunk/JavaScriptCore/runtime/ArrayPrototype.cpp

    r48948 r51672  
    746746            cachedCall.setArgument(1, jsNumber(exec, k));
    747747            cachedCall.setArgument(2, thisObj);
    748            
    749             if (!cachedCall.call().toBoolean(exec))
     748            JSValue result = cachedCall.call();
     749            if (!result.toBoolean(cachedCall.newCallFrame(exec)))
    750750                return jsBoolean(false);
    751751        }
     
    847847            cachedCall.setArgument(1, jsNumber(exec, k));
    848848            cachedCall.setArgument(2, thisObj);
    849            
    850             if (cachedCall.call().toBoolean(exec))
     849            JSValue result = cachedCall.call();
     850            if (result.toBoolean(cachedCall.newCallFrame(exec)))
    851851                return jsBoolean(true);
    852852        }

  • trunk/JavaScriptCore/runtime/JSArray.cpp

    r49065 r51672  
    786786            m_cachedCall->setArgument(0, va);
    787787            m_cachedCall->setArgument(1, vb);
    788             compareResult = m_cachedCall->call().toNumber(m_cachedCall->newCallFrame());
     788            compareResult = m_cachedCall->call().toNumber(m_cachedCall->newCallFrame(m_exec));
    789789        } else {
    790790            MarkedArgumentBuffer arguments;

  • trunk/JavaScriptCore/runtime/StringPrototype.cpp

    r51307 r51672  
    282282               
    283283                cachedCall.setThis(exec->globalThisValue());
    284                 replacements.append(cachedCall.call().toString(cachedCall.newCallFrame()));
     284                JSValue result = cachedCall.call();
     285                replacements.append(result.toString(cachedCall.newCallFrame(exec)));
    285286                if (exec->hadException())
    286287                    break;
Note: See TracChangeset for help on using the changeset viewer.