Hi Peter, I somehow overlooked this patch for the past three weeks, and just saw this now. Sorry about this! Unfortunately, I'm leaving this afternoon for a three-week vacation. I'll investigate this issue as soon as I get back!
Cheers, Yang Yang Guo | Software Engineer | Google Germany GmbH | Dienerstr. 12, 80331 München Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschäftsführer: Graham Law, Katherine Stephens On Tue, Apr 2, 2013 at 2:36 AM, <[email protected]> wrote: > Reviewers: Yang, > > Message: > Hi Yang > > Could you please advise with this issue. > > Originally WebKit crashes on debug-mode assert at > > receiver = isolate->factory()->ToObject(**receiver, > calling_frames_native_context)**; > > at runtime.cc:10443 > > because it spots a frame with a global object === undefined > > This patch checks that the undefined global object indeed can appear. If > you > apply this patch and try to compile x64 version (not ia32!), build will > fail. > > We probably need to fix some part of this. Either get rid of undefined or > allow > it in assert. > > What do you think about this? > > Peter > > Description: > Demo for WebKit bug #113735 > > See the bug info: > https://bugs.webkit.org/show_**bug.cgi?id=113735<https://bugs.webkit.org/show_bug.cgi?id=113735> > > Please review this at > https://codereview.chromium.**org/13412003/<https://codereview.chromium.org/13412003/> > > SVN Base: > https://v8.googlecode.com/svn/**branches/bleeding_edge<https://v8.googlecode.com/svn/branches/bleeding_edge> > > Affected files: > M src/array.js > > > Index: src/array.js > diff --git a/src/array.js b/src/array.js > index 7cf744bedf29fc9c138b848d8d66d9**021cd8afa0..** > 59c1e31dda7c13bee8435d53bc25ce**1bca810c59 100644 > --- a/src/array.js > +++ b/src/array.js > @@ -741,6 +741,9 @@ function ArraySplice(start, delete_count) { > return deleted_elements; > } > > +if ( IS_NULL_OR_UNDEFINED((**function(){return this;})()) ) { > + throw "Failed check for bad global object"; > +} > > function ArraySort(comparefn) { > if (IS_NULL_OR_UNDEFINED(this) && !IS_UNDETECTABLE(this)) { > > > -- -- v8-dev mailing list [email protected] http://groups.google.com/group/v8-dev --- You received this message because you are subscribed to the Google Groups "v8-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
