Changeset 63515 in webkit for trunk/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

Timestamp:

Jul 15, 2010, 9:58:30 PM (15 years ago)

Author:

[email protected]

Message:

2010-07-15 Geoffrey Garen <​[email protected]>

Reviewed by Maciej Stachowiak.

Crash entering mail.yahoo.com
​https://bugs.webkit.org/show_bug.cgi?id=42394

• bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::argumentNumberFor): Added a NULL check. If the identifier we're resolving is not a local variable, registerFor returns NULL.

• bytecompiler/NodesCodegen.cpp: (JSC::FunctionBodyNode::emitBytecode): Unrelated to the crash, but I noticed this while working on it: No need to NULL-check returnNode, since an early return has already done so.

2010-07-15 Geoffrey Garen <​[email protected]>

Reviewed by Maciej Stachowiak.

Test for ​https://bugs.webkit.org/show_bug.cgi?id=42394
Crash entering mail.yahoo.com

• fast/js/numeric-compare.html: Added.
• fast/js/script-tests/numeric-compare.js: Added.

File:

• trunk/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp (modified) (1 diff)

trunk/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

@@ -2052 +2052 @@
 {
     int parameterCount = m_parameters.size(); // includes 'this'
-    int index = registerFor(ident)->index() + RegisterFile::CallFrameHeaderSize + parameterCount;
+    RegisterID* registerID = registerFor(ident);
+    if (!registerID)
+        return 0;
+    int index = registerID->index() + RegisterFile::CallFrameHeaderSize + parameterCount;
     return (index > 0 && index < parameterCount) ? index : 0;
 }