Reviewers: jarin,

Description:
Handle null receiver in sloppy mode in %GetFrameDetails.

[email protected]
BUG=405922
LOG=N

Please review this at https://codereview.chromium.org/492303006/

SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge

Affected files (+32, -3 lines):
  M src/runtime.cc
  A test/mjsunit/regress/regress-crbug-405922.js


Index: src/runtime.cc
diff --git a/src/runtime.cc b/src/runtime.cc
index 2a58b071a2353a6a114ffdb34ab1b64aef8c00b4..16164342a9a11ece230d99afc1842009c1f2d0a0 100644
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -11500,11 +11500,13 @@ RUNTIME_FUNCTION(Runtime_GetFrameDetails) {
     if (receiver->IsUndefined()) {
       receiver = handle(function->global_proxy());
     } else {
-      DCHECK(!receiver->IsNull());
       Context* context = Context::cast(it.frame()->context());
Handle<Context> native_context(Context::cast(context->native_context()));
-      receiver = Object::ToObject(
-          isolate, receiver, native_context).ToHandleChecked();
+      if (!Object::ToObject(isolate, receiver, native_context)
+               .ToHandle(&receiver)) {
+ // This only happens if the receiver is forcibly set in %_CallFunction.
+        return heap->undefined_value();
+      }
     }
   }
   details->set(kFrameDetailsReceiverIndex, *receiver);
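Review bot: The new bail-out on L33-L37 abandons the whole frame-details result by returning `undefined` from %GetFrameDetails, and whatever JavaScript-side caller indexes that details array presumably does not expect a non-array, so either that caller needs a matching check or the null receiver should take the same route as the `IsUndefined()` branch just above it: in sloppy mode a null `this` resolves to the global proxy, so `if (receiver->IsUndefined() || receiver->IsNull()) { receiver = handle(function->global_proxy()); }` would keep the frame inspectable instead of hiding it from the debugger. The fix also relies on `Object::ToObject` failing without scheduling an exception; returning a value while an exception is pending would be wrong, so the comment on L35 should spell the assumption out, e.g. `// ToObject fails (without throwing) only for null/undefined; undefined is handled above, so this is a receiver forced to null via %_CallFunction in sloppy mode.` Runtime_GetFrameDetails starts and ends outside the hunk, and `heap` is assumed to be declared earlier in it.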
Index: test/mjsunit/regress/regress-crbug-405922.js
diff --git a/test/mjsunit/regress/regress-crbug-405922.js b/test/mjsunit/regress/regress-crbug-405922.js
new file mode 100644
index 0000000000000000000000000000000000000000..9f76a862dbef5a257ab287737652f59c503fbdd1
--- /dev/null
+++ b/test/mjsunit/regress/regress-crbug-405922.js
@@ -0,0 +1,27 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --expose-debug-as debug
+
+Debug = debug.Debug
+
+function listener(event, exec_state, event_data, data) {
+  try {
+    if (event == Debug.DebugEvent.Break) {
+      exec_state.prepareStep(Debug.StepAction.StepIn, 3);
+    }
+  } catch (e) {
+  }
+}
+
+Debug.setListener(listener);
+
+function f(x) {
+  if (x > 0) %_CallFunction(null, x-1, f);
+}
+
+debugger;
+f(2);
+
+Debug.setListener(null);
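Review bot: The empty `catch (e) {}` in the listener (L61-L62) swallows any failure raised inside `prepareStep`, so this test only detects the original DCHECK/crash and would still pass if %GetFrameDetails started throwing or returned an unusable value; capture the error and check it once the listener is removed, a common mjsunit shape: `var exception = null;` at the top, `catch (e) { exception = e; }` in the listener, and `assertNull(exception);` after `Debug.setListener(null);`. The step count in `prepareStep(Debug.StepAction.StepIn, 3)` is what appears to walk into the frame whose receiver was forced to null, and a one-line comment would save the next reader from working that out: `// Step into f's frames; %_CallFunction(null, ...) leaves their receiver as null.` `Debug = debug.Debug` is missing its semicolon, a nit.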

