Title: [163342] trunk/Source/JavaScriptCore
Revision: 163342
Author: msab...@apple.com
Date: 2014-02-03 16:37:51 -0800 (Mon, 03 Feb 2014)

Log Message

REGRESSION (r163011-r163031): Web Inspector: Latest nightly crashes when showing the Web Inspector
https://bugs.webkit.org/show_bug.cgi?id=127901

Reviewed by Geoffrey Garen.

Set VM::topCallFrame before making calls to possible C++ code in
generateProtoChainAccessStub() and tryBuildGetByIDList().

* jit/Repatch.cpp:
(JSC::generateProtoChainAccessStub):
(JSC::tryBuildGetByIDList):

Modified Paths

trunk/Source/JavaScriptCore/ChangeLog
trunk/Source/JavaScriptCore/jit/Repatch.cpp

Diff

Modified: trunk/Source/JavaScriptCore/ChangeLog (163341 => 163342)


--- trunk/Source/JavaScriptCore/ChangeLog	2014-02-04 00:37:15 UTC (rev 163341)
+++ trunk/Source/JavaScriptCore/ChangeLog	2014-02-04 00:37:51 UTC (rev 163342)
@@ -1,3 +1,17 @@
+2014-02-03  Michael Saboff  <msab...@apple.com>
+
+        REGRESSION (r163011-r163031): Web Inspector: Latest nightly crashes when showing the Web Inspector
+        https://bugs.webkit.org/show_bug.cgi?id=127901
+
+        Reviewed by Geoffrey Garen.
+
+        Set VM::topCallFrame before making calls to possible C++ code in
+        generateProtoChainAccessStub() and tryBuildGetByIDList().
+
+        * jit/Repatch.cpp:
+        (JSC::generateProtoChainAccessStub):
+        (JSC::tryBuildGetByIDList):
+
 2014-02-03  Andreas Kling  <akl...@apple.com>
 
         Keep only captured symbols in CodeBlock symbol tables.

Modified: trunk/Source/JavaScriptCore/jit/Repatch.cpp (163341 => 163342)


--- trunk/Source/JavaScriptCore/jit/Repatch.cpp	2014-02-04 00:37:15 UTC (rev 163341)
+++ trunk/Source/JavaScriptCore/jit/Repatch.cpp	2014-02-04 00:37:51 UTC (rev 163342)
@@ -321,6 +321,7 @@
         // right now!
         stubJit.store32(MacroAssembler::TrustedImm32(exec->locationAsRawBits()),
             CCallHelpers::tagFor(static_cast<VirtualRegister>(JSStack::ArgumentCount)));
+        stubJit.storePtr(GPRInfo::callFrameRegister, &vm->topCallFrame);
 
         operationCall = stubJit.call();
 #if USE(JSVALUE64)
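Review bot: the pre-call sequence added here, the `store32` of `exec->locationAsRawBits()` into the ArgumentCount tag slot followed by `stubJit.storePtr(GPRInfo::callFrameRegister, &vm->topCallFrame);`, is repeated verbatim in tryBuildGetByIDList in the next hunk; factoring it into one helper that is emitted before every `stubJit.call()` that can reach C++ would make it harder to miss a call site again, which is exactly the class of bug this regression is. The comment ending in `// right now!` just above the stores should also say that the C++ callee reached through `operationCall` depends on VM::topCallFrame being current, so a later cleanup does not reorder or drop the store.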
@@ -634,6 +635,7 @@
             stubJit.store32(
                 MacroAssembler::TrustedImm32(exec->locationAsRawBits()),
                 CCallHelpers::tagFor(static_cast<VirtualRegister>(JSStack::ArgumentCount)));
+            stubJit.storePtr(GPRInfo::callFrameRegister, &vm->topCallFrame);
             
             operationCall = stubJit.call();
 #if USE(JSVALUE64)
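Review bot: the `storePtr` to `&vm->topCallFrame` is emitted before `operationCall = stubJit.call();`, but nothing in this hunk restores or clears topCallFrame once the call returns; if any code that runs after the call in this stub expects topCallFrame to hold its previous value, that needs handling after the call or a comment stating why leaving it pointing at this frame is correct. Minor: the context line following the insertion is whitespace-only with trailing spaces; worth trimming while this spot is being touched.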
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes