Title: [173031] trunk/Source/JavaScriptCore
- Revision: 173031
- Author: [email protected]
- Date: 2014-08-27 16:06:00 -0700 (Wed, 27 Aug 2014)
Log Message
Ensure that the call frame passed from JIT code via JSC::operationCallEval to JSC::eval always contains the valid scope chain.
https://bugs.webkit.org/show_bug.cgi?id=136313
Patch by Akos Kiss <[email protected]> on 2014-08-27
Reviewed by Michael Saboff.
Do not rely on calling conventions to fill in the CallerFrame component
of the execCallee parameter of JSC::operationCallEval.
* jit/JITOperations.cpp:
Diff
Modified: trunk/Source/JavaScriptCore/ChangeLog (173030 => 173031)
--- trunk/Source/_javascript_Core/ChangeLog 2014-08-27 23:01:30 UTC (rev 173030)
+++ trunk/Source/_javascript_Core/ChangeLog 2014-08-27 23:06:00 UTC (rev 173031)
@@ -1,3 +1,15 @@
+2014-08-27 Akos Kiss <[email protected]>
+
+ Ensure that the call frame passed from JIT code via JSC::operationCallEval to JSC::eval always contains the valid scope chain.
+ https://bugs.webkit.org/show_bug.cgi?id=136313
+
+ Reviewed by Michael Saboff.
+
+ Do not rely on calling conventions to fill in the CallerFrame component
+ of the execCallee parameter of JSC::operationCallEval.
+
+ * jit/JITOperations.cpp:
+
2014-08-27 Saam Barati <[email protected]>
Deconstruction object pattern node emits the wrong start/end text positions
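Review bot: The per-file line `* jit/JITOperations.cpp:` is left empty, so the entry does not record which function was touched or what was added to it. Naming the operation from the summary (JSC::operationCallEval) on that line, with a short note that the CallerFrame is now set explicitly, would make the entry searchable by function.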
Modified: trunk/Source/JavaScriptCore/jit/JITOperations.cpp (173030 => 173031)
--- trunk/Source/_javascript_Core/jit/JITOperations.cpp 2014-08-27 23:01:30 UTC (rev 173030)
+++ trunk/Source/_javascript_Core/jit/JITOperations.cpp 2014-08-27 23:06:00 UTC (rev 173031)
@@ -611,6 +611,7 @@
execCallee->setScope(exec->scope());
execCallee->setCodeBlock(0);
+ execCallee->setCallerFrame(exec);
if (!isHostFunction(execCallee->calleeAsValue(), globalFuncEval))
return JSValue::encode(JSValue());
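Review bot: The added `execCallee->setCallerFrame(exec);` has no comment explaining why the caller frame is written by hand at this point, and next to the two setters above it the line reads as redundant, which makes it easy to drop in a later cleanup. A one-line comment stating that the CallerFrame component of execCallee must not be left to the calling convention would keep the intent visible in the source. The changeset also touches only ChangeLog and JITOperations.cpp, so a regression test covering the eval path would be worth adding alongside it.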