[v8-dev] [v8] r23312 committed - Handle null receiver in sloppy mode in %GetFrameDetails....

[codesite-noreply via v8-dev]

Revision: 23312
Author:   yang...@chromium.org
Date:     Fri Aug 22 12:55:23 2014 UTC
Log:      Handle null receiver in sloppy mode in %GetFrameDetails.
R=ja...@chromium.org
BUG=405922
LOG=N

Review URL: https://codereview.chromium.org/492303006
https://code.google.com/p/v8/source/detail?r=23312

Added:
 /branches/bleeding_edge/test/mjsunit/regress/regress-crbug-405922.js
Modified:
 /branches/bleeding_edge/src/runtime.cc

=======================================
--- /dev/null
+++ /branches/bleeding_edge/test/mjsunit/regress/regress-crbug-405922.js	 
Fri Aug 22 12:55:23 2014 UTC
@@ -0,0 +1,27 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --expose-debug-as debug
+
+Debug = debug.Debug
+
+function listener(event, exec_state, event_data, data) {
+  try {
+    if (event == Debug.DebugEvent.Break) {
+      exec_state.prepareStep(Debug.StepAction.StepIn, 3);
+    }
+  } catch (e) {
+  }
+}
+
+Debug.setListener(listener);
+
+function f(x) {
+  if (x > 0) %_CallFunction(null, x-1, f);
+}
+
+debugger;
+f(2);
+
+Debug.setListener(null);
=======================================
--- /branches/bleeding_edge/src/runtime.cc      Fri Aug 22 11:43:39 2014 UTC
+++ /branches/bleeding_edge/src/runtime.cc      Fri Aug 22 12:55:23 2014 UTC
@@ -11500,11 +11500,13 @@
     if (receiver->IsUndefined()) {
       receiver = handle(function->global_proxy());
     } else {
-      DCHECK(!receiver->IsNull());
       Context* context = Context::cast(it.frame()->context());
       Handle<Context>  
native_context(Context::cast(context->native_context()));
-      receiver = Object::ToObject(
-          isolate, receiver, native_context).ToHandleChecked();
+      if (!Object::ToObject(isolate, receiver, native_context)
+               .ToHandle(&receiver)) {
+        // This only happens if the receiver is forcibly set  
in %_CallFunction.
+        return heap->undefined_value();
+      }
     }
   }
   details->set(kFrameDetailsReceiverIndex, *receiver);

--
--
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev
--- 
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to v8-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.