Title: [198016] releases/WebKitGTK/webkit-2.12/Source/_javascript_Core
Revision
198016
Author
[email protected]
Date
2016-03-11 06:28:51 -0800 (Fri, 11 Mar 2016)

Log Message

Merge r197686 - REGRESSION (r197303): Web Inspector crashes web process when inspecting an element on TOT
<https://webkit.org/b/154812>

Reviewed by Geoffrey Garen.

Guard against null pointer dereference for UnlinkedCodeBlocks that don't have any control flow
profiling data.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
* bytecode/UnlinkedCodeBlock.h:
(JSC::UnlinkedCodeBlock::hasOpProfileControlFlowBytecodeOffsets):

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.12/Source/_javascript_Core/ChangeLog (198015 => 198016)


--- releases/WebKitGTK/webkit-2.12/Source/_javascript_Core/ChangeLog	2016-03-11 14:28:40 UTC (rev 198015)
+++ releases/WebKitGTK/webkit-2.12/Source/_javascript_Core/ChangeLog	2016-03-11 14:28:51 UTC (rev 198016)
@@ -1,3 +1,18 @@
+2016-03-07  Andreas Kling  <[email protected]>
+
+        REGRESSION (r197303): Web Inspector crashes web process when inspecting an element on TOT
+        <https://webkit.org/b/154812>
+
+        Reviewed by Geoffrey Garen.
+
+        Guard against null pointer dereference for UnlinkedCodeBlocks that don't have any control flow
+        profiling data.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
+        * bytecode/UnlinkedCodeBlock.h:
+        (JSC::UnlinkedCodeBlock::hasOpProfileControlFlowBytecodeOffsets):
+
 2016-02-28  Andreas Kling  <[email protected]>
 
         REGRESSION(r197303): 4 jsc tests failing on bots.

Modified: releases/WebKitGTK/webkit-2.12/Source/_javascript_Core/bytecode/CodeBlock.cpp (198015 => 198016)


--- releases/WebKitGTK/webkit-2.12/Source/_javascript_Core/bytecode/CodeBlock.cpp	2016-03-11 14:28:40 UTC (rev 198015)
+++ releases/WebKitGTK/webkit-2.12/Source/_javascript_Core/bytecode/CodeBlock.cpp	2016-03-11 14:28:51 UTC (rev 198016)
@@ -4210,6 +4210,8 @@
 
 void CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler(RefCountedArray<Instruction>& instructions)
 {
+    if (!unlinkedCodeBlock()->hasOpProfileControlFlowBytecodeOffsets())
+        return;
     const Vector<size_t>& bytecodeOffsets = unlinkedCodeBlock()->opProfileControlFlowBytecodeOffsets();
     for (size_t i = 0, offsetsLength = bytecodeOffsets.size(); i < offsetsLength; i++) {
         // Because op_profile_control_flow is emitted at the beginning of every basic block, finding 
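Review bot: the new early return at the top of insertBasicBlockBoundariesForControlFlowProfiler deserves a one-line comment saying why it exists, because nothing in this hunk explains it. The accessor it protects, opProfileControlFlowBytecodeOffsets(), only ASSERTs m_rareData before dereferencing it (see the UnlinkedCodeBlock.h hunk in this same change), and ASSERT compiles out in release builds, so an UnlinkedCodeBlock without control flow profiling data would dereference a null m_rareData there. Something like `// UnlinkedCodeBlocks with no control flow profiling data have no m_rareData; the accessor below would dereference null.` above the `if` would save the next reader the trip to the header. Behaviourally the only change is that the loop is skipped, which is equivalent to what an empty bytecodeOffsets vector already produced, so the guard is safe to apply unconditionally.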

Modified: releases/WebKitGTK/webkit-2.12/Source/_javascript_Core/bytecode/UnlinkedCodeBlock.h (198015 => 198016)


--- releases/WebKitGTK/webkit-2.12/Source/_javascript_Core/bytecode/UnlinkedCodeBlock.h	2016-03-11 14:28:40 UTC (rev 198015)
+++ releases/WebKitGTK/webkit-2.12/Source/_javascript_Core/bytecode/UnlinkedCodeBlock.h	2016-03-11 14:28:51 UTC (rev 198016)
@@ -355,6 +355,10 @@
         ASSERT(m_rareData);
         return m_rareData->m_opProfileControlFlowBytecodeOffsets;
     }
+    bool hasOpProfileControlFlowBytecodeOffsets() const
+    {
+        return m_rareData && !m_rareData->m_opProfileControlFlowBytecodeOffsets.isEmpty();
+    }
 
     void dumpExpressionRangeInfo(); // For debugging purpose only.
 
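Review bot: hasOpProfileControlFlowBytecodeOffsets() folds two distinct conditions into one predicate: "no rare data" (the case in which the accessor directly above it would crash, since its ASSERT(m_rareData) gives no protection in release builds) and "rare data with an empty offsets vector" (which the accessor handles fine). That is harmless for the single caller in this patch, but the contract is implicit; a short comment on the predicate stating that callers must check it before calling opProfileControlFlowBytecodeOffsets() would make the null-safety requirement explicit for future call sites rather than leaving it to be rediscovered from a crash.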
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
