Comment #3 on issue 2095 by [email protected]: stack corruption with
latest v8 Versions
http://code.google.com/p/v8/issues/detail?id=2095
The following appears to be the flow of script before the crash occurs.
The functions below are in nhn.scmt.mobile.js (unless stated otherwise).
// Branch on the comment total `g` (passed as `total` below): when comments
// exist, the "commentExist" callbacks get the whole page payload; otherwise
// the "noComments" callbacks get only the auth info. The enclosing method is
// not shown in this excerpt; `this` is presumably the nhn.scmt.mobile.js object.
if (this._isCommentExist(g)) {
this.runCallback("commentExist", {auth: b,list:
d,parentComment: i,total: g,page: e,pageSize: f});
} else {
this.runCallback("noComments", {auth: b});
}
runCallback: function(h, g) {
  // Invoke, in registration order, every callback stored under the name `h`,
  // passing the payload `g`. A missing callback list is treated as empty.
  // The callbacks are invoked through the array element (callbacks[idx](g)),
  // so `this` inside a callback is the array, exactly as in the original.
  // Reporter's note: only the iteration that reaches the functions traced
  // below is relevant to the crash.
  var callbacks = this._getCallbacks(h) || [];
  var idx = 0;
  while (idx < callbacks.length) {
    callbacks[idx](g);
    idx += 1;
  }
}
}});
commentExist: function(e) {
  // "commentExist" callback. `e` is presumably the payload built by
  // runCallback("commentExist", {auth, list, parentComment, total, page,
  // pageSize}). `d` is the view object captured from the enclosing scope,
  // which is not visible in this excerpt.
  var view = d;
  view._setAuth(e.auth);
  view._updateItemArea(e);
  view._updatePaginationArea(e);
}
}});
_updateItemArea: function(d) {
  // Hand the comment-page payload `d` to the item-area view for rendering.
  var itemArea = this._oItemArea;
  itemArea.update(d);
}
update: function(f) {
  // Refresh the item area from payload `f`: auth info first, then the
  // comment list markup, then focus handling. Per the reporter's trace the
  // middle step (_printCommentList) is the one that never returns.
  var payload = f;
  this._updateAuthInfo(payload.auth);
  this._printCommentList(payload);
  this._focusToCommentIfExist(payload);
}
_printCommentList: function(g) {
  // Build the template model from this view's identity (userId, snsType)
  // plus the comment list in `g`, then render it into the "item" area.
  var model = {
    userId: this._userId,
    snsType: this._snsType,
    list: g.list
  };
  this.updateAreaUsingTemplate("item", model);
}
,updateAreaUsingTemplate: function(e, g) {
  // Render template `e` with data `g` and replace the area's contents.
  // NOTE(review): .html() is an innerHTML-style sink — the template output is
  // parsed as markup, so any value the template interpolates without escaping
  // ends up as live HTML. Safe only if every interpolated value is trusted.
  var markup = this.getHtmlFromTemplate(e, g);
  var area = this.getAreaElement();
  area.empty().html(markup);
}
getHtmlFromTemplate: function(e, g) {
  // Look up template `e` and expand it with `g`.
  // Reporter's trace: getTemplate() eventually resolves to
  // commentItemArea#item and returns normally; the process(g) call below is
  // the one that never returns (the reporter's "Alert No.1" placed after it
  // was never hit).
  var template = this.getTemplate(e);
  var html = template.process(g);
  return html;
}
The function below is in jindo_custom.js.
// Expand this template with `data`. The first part of the body was elided by
// the reporter; only the tail that assembles and runs the template is shown.
jindo.$Template.prototype.process = function(data) {
................
...............
// Restore literal braces: the escaped placeholders (leftBrace/rightBrace,
// defined in the elided part) are turned back into "{" and "}".
tpl = tpl.reverse().join("").replace(new
RegExp(leftBrace, "g"), "{").replace(new RegExp(rightBrace, "g"), "}");
// From here on the template is assembled into JavaScript *source*: a
// prelude (output buffer + isArray helper), the template body itself, and a
// return statement.
// NOTE(review): template content therefore executes as code. The step that
// turns _aStr into a callable (presumably new Function or eval) is not shown
// in this excerpt, but `tpl` is invoked as a function below.
var _aStr = [];
_aStr.push("var s=[],i=0;");
_aStr.push('function isArray(o){ return
Object.prototype.toString.call(o) == "[object Array]" };');
_aStr.push(tpl);
_aStr.push('return s.join("");');
// Alert No. 2 - hit
tpl = tpl(data); // this is the call that leads to the crash
//Alert No.3 - not hit as we don't return from tpl(data) call
return tpl
};
During the construction of tpl, the sequence of _aStr push operations builds up a code string to which the other elements are appended. The resulting code is shown below:
----------------------------------------------------------------------------------
false || function (d) {
  // Code generated by jindo.$Template#process for the commentItemArea "item"
  // template: the prelude (output buffer + unused isArray helper), then one
  // statement per template chunk, then the joined markup.
  // NOTE(review): d.count is concatenated into the markup without escaping,
  // and the result is later inserted via .html(). That is only safe if every
  // interpolated value is trusted (confirm d.count is always a number).
  var s = [];
  function isArray(o) {
    return Object.prototype.toString.call(o) == "[object Array]";
  }
  d.isListPage = (d.pageId) === "commentListPage";
  s.push(" ");
  d.isWritingPage = (d.pageId) === "commentWritingPage";
  s.push(' <div id="tabArea"> <ul class="cmt_tab"> <li style="width:50%" ');
  if (d.isListPage) {
    s.push('class="on"');
  }
  s.push('><a href="#" class="_tab(commentListPage) _nclicks(rpt.list)">?? <span class="_count">');
  s.push(d.count);
  s.push("</span></a></li> <li ");
  if (d.isWritingPage) {
    s.push('class="on"');
  }
  s.push('><a href="#" class="_tab(commentWritingPage) _nclicks(rpt.write)">????</a></li> </ul> </div>');
  return s.join("");
};
----------------------------------------------------------------------------------
I suspect the code above is what causes the stack corruption.
Can anyone tell me what the reason for the stack corruption is?