18642 2008-04-20 16:17:28 -0700 Iterator context may get placed into the return register, leading to much badness 2008-04-20 19:58:18 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Mac OS X 10.5 RESOLVED FIXED P2 Normal --- 1 oliver oliver oliver oldest_to_newest 78340 0 oliver 2008-04-20 16:17:28 -0700 Haven't yet come up with a trivial example that leads to this occuring, but the following triggers it: var o = {toString:function(){ throw {}; return "wibble"; }}; o.bar = "bar"; o.__defineGetter__("foo", function(){ print("zomg"); return "wibble" }); try { print(o); } catch(e) { for (i in e) print("e[\""+i+"\"] = " + e[i]); } 78341 1 oliver 2008-04-20 16:24:09 -0700 Reduced to: var o; 1; // loads into tr0 for the end result try { o.b; } catch(e) { for (i in e); // tr0 isn't ref'd here, so is reused by the iterator. } 78358 2 20712 oliver 2008-04-20 19:29:36 -0700 Created attachment 20712 Patch o doom 78359 3 20713 oliver 2008-04-20 19:54:09 -0700 Created attachment 20713 patch #2 78360 4 20713 mjs 2008-04-20 19:55:00 -0700 Comment on attachment 20713 patch #2 r=me 78361 5 oliver 2008-04-20 19:58:18 -0700 Committed r32285 20712 2008-04-20 19:29:36 -0700 2008-04-20 19:54:09 -0700 Patch o doom bug18642.patch text/plain 3368 oliver ZGlmZiAtLWdpdCBhL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZyBiL0phdmFTY3JpcHRDb3JlL0No YW5nZUxvZwppbmRleCA4Zjc4N2RjLi45YWNlZTRlIDEwMDY0NAotLS0gYS9KYXZhU2NyaXB0Q29y ZS9DaGFuZ2VMb2cKKysrIGIvSmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMjMg QEAKKzIwMDgtMDQtMjAgIE9saXZlciBIdW50ICA8b2xpdmVyQGFwcGxlLmNvbT4KKworICAgICAg ICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBCdWcgMTg2NDI6IEl0ZXJh dG9yIGNvbnRleHQgbWF5IGdldCBwbGFjZWQgaW50byB0aGUgcmV0dXJuIHJlZ2lzdGVyLCBsZWFk aW5nIHRvIG11Y2ggYmFkbmVzcworICAgICAgICA8aHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hv d19idWcuY2dpP2lkPTE4NjQyPgorCisgICAgICAgIFRvIHByZXZlbnQgaW5jb3JyZWN0bHkgcmV1 c2luZyB3aGF0IHdpbGwgYmVjb21lIHRoZSByZXN1bHQgcmVnaXN0ZXIgZm9yCisgICAgICAgIGV2 YWwgYW5kIGdsb2JhbCBjb2RlIGV4ZWN1dGlvbiwgd2UgbmVlZCB0byByZXF1ZXN0IGFuZCByZWYg dGhlIGRlc3RpbmF0aW9uCisgICAgICAgIGluIGFkdmFuY2Ugb2YgY29kZWdlbi4gIFVuZm9ydHVu YXRlbHkgdGhpcyBtYXkgbGVhZCB0byB1bm5lY2Vzc2FyeSBjb3B5aW5nLAorICAgICAgICBhbHRo b3VnaCBpbiBmdXR1cmUgd2UgY2FuIHByb2JhYmx5IGxpbWl0IHRoaXMuICBDdXJpb3VzbHkgU3Vu U3BpZGVyIHNob3dzCisgICAgICAgIGEgcHJvZ3Jlc3Npb24gaW4gYSBudW1iZXIgb2YgdGVzdHMs IGFsdGhvdWdoIGl0IGNvbWVzIG91dCBhcyBhIHdhc2ggb3ZlcmFsbC4KKworICAgICAgICBUaGlz IGFsc28gZml4ZXMgb25lIG9mIHRoZSByZWdyZXNzaW9ucyBpbiBydW4tamF2YXNjcmlwdGNvcmUt dGVzdHMuCisKKyAgICAgICAgKiBranMvbm9kZXMuY3BwOgorICAgICAgICAoS0pTOjpUcnlOb2Rl OjplbWl0Q29kZSk6CisgICAgICAgIChLSlM6OkV2YWxOb2RlOjplbWl0Q29kZSk6CisgICAgICAg IChLSlM6OlByb2dyYW1Ob2RlOjplbWl0Q29kZSk6CisKIDIwMDgtMDQtMjAgIENhbWVyb24gWndh cmljaCAgPGN3endhcmljaEB1d2F0ZXJsb28uY2E+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgTWFj aWVqLgpkaWZmIC0tZ2l0IGEvSmF2YVNjcmlwdENvcmUva2pzL25vZGVzLmNwcCBiL0phdmFTY3Jp cHRDb3JlL2tqcy9ub2Rlcy5jcHAKaW5kZXggZjZjZDk0NC4uNmFhMjgyZSAxMDA2NDQKLS0tIGEv SmF2YVNjcmlwdENvcmUva2pzL25vZGVzLmNwcAorKysgYi9KYXZhU2NyaXB0Q29yZS9ranMvbm9k ZXMuY3BwCkBAIC01NTQzLDcgKzU1NDMsMTYgQEAgUmVnaXN0ZXJJRCogVHJ5Tm9kZTo6ZW1pdENv ZGUoQ29kZUdlbmVyYXRvciYgZ2VuZXJhdG9yLCBSZWdpc3RlcklEKiBkc3QpCiAgICAgICAgIGdl bmVyYXRvci5wdXNoRmluYWxseUNvbnRleHQoZmluYWxseVN0YXJ0LmdldCgpLCBmaW5hbGx5UmV0 dXJuQWRkci5nZXQoKSk7CiAgICAgfQogICAgIGdlbmVyYXRvci5lbWl0TGFiZWwodHJ5U3RhcnRM YWJlbC5nZXQoKSk7Ci0gICAgZ2VuZXJhdG9yLmVtaXROb2RlKGRzdCwgbV90cnlCbG9jay5nZXQo KSk7CisgICAgaWYgKGRzdCkgeworICAgICAgICAvLyBJZiB3ZSdyZSBpbnNpZGUgYSB0cnkgYmxv Y2sgdGhlbiB3aGVuIGFuIGV4Y2VwdGlvbiBpcyB0aHJvdyB3ZSBtYXkgbm90CisgICAgICAgIC8v IHRlYXIgZG93biB0aGUgY2FsbGZyYW1lLCBzbyB3ZSB3aWxsIG5lZWQgdG8gcHJvdGVjdCB0aGUg ZHN0IHJlZ2lzdGVyCisgICAgICAgIC8vIGZyb20gYSBib2d1cyB3cml0ZS4KKyAgICAgICAgUmVm UHRyPFJlZ2lzdGVySUQ+IGRzdFJlZ2lzdGVyID0gZHN0OworICAgICAgICBSZWZQdHI8UmVnaXN0 ZXJJRD4gdGVtcERlc3QgPSBnZW5lcmF0b3IubmV3VGVtcG9yYXJ5KCk7CisgICAgICAgIGdlbmVy YXRvci5lbWl0Tm9kZSh0ZW1wRGVzdC5nZXQoKSwgbV90cnlCbG9jay5nZXQoKSk7CisgICAgICAg IGdlbmVyYXRvci5lbWl0TW92ZShkc3RSZWdpc3Rlci5nZXQoKSwgdGVtcERlc3QuZ2V0KCkpOwor ICAgIH0gZWxzZSAKKyAgICAgICAgZ2VuZXJhdG9yLmVtaXROb2RlKG1fdHJ5QmxvY2suZ2V0KCkp OwogICAgIGdlbmVyYXRvci5lbWl0TGFiZWwodHJ5RW5kTGFiZWwuZ2V0KCkpOwogCiAgICAgaWYg KG1fY2F0Y2hCbG9jaykgewpAQCAtNTY0MSwxMCArNTY1MCwxMCBAQCBFdmFsTm9kZTo6fkV2YWxO b2RlKCkKIAogUmVnaXN0ZXJJRCogRXZhbE5vZGU6OmVtaXRDb2RlKENvZGVHZW5lcmF0b3ImIGdl bmVyYXRvciwgUmVnaXN0ZXJJRCopCiB7Ci0gICAgUmVnaXN0ZXJJRCogcjAgPSBzdGF0ZW1lbnRM aXN0RW1pdENvZGUobV9jaGlsZHJlbiwgZ2VuZXJhdG9yKTsKLSAgICBpZiAoIXIwKQotICAgICAg ICByMCA9IGdlbmVyYXRvci5lbWl0TG9hZChnZW5lcmF0b3IubmV3VGVtcG9yYXJ5KCksIGpzVW5k ZWZpbmVkKCkpOwotICAgIGdlbmVyYXRvci5lbWl0RW5kKHIwKTsKKyAgICBSZWZQdHI8UmVnaXN0 ZXJJRD4gZHN0UmVnaXN0ZXIgPSBnZW5lcmF0b3IubmV3VGVtcG9yYXJ5KCk7CisgICAgZ2VuZXJh dG9yLmVtaXRMb2FkKGRzdFJlZ2lzdGVyLmdldCgpLCBqc1VuZGVmaW5lZCgpKTsKKyAgICBzdGF0 ZW1lbnRMaXN0RW1pdENvZGUobV9jaGlsZHJlbiwgZ2VuZXJhdG9yLCBkc3RSZWdpc3Rlci5nZXQo KSk7CisgICAgZ2VuZXJhdG9yLmVtaXRFbmQoZHN0UmVnaXN0ZXIuZ2V0KCkpOwogICAgIHJldHVy biAwOwogfQogCkBAIC01NzE0LDEwICs1NzIzLDEwIEBAIFJlZ2lzdGVySUQqIEZ1bmN0aW9uQm9k eU5vZGU6OmVtaXRDb2RlKENvZGVHZW5lcmF0b3ImIGdlbmVyYXRvciwgUmVnaXN0ZXJJRCopCiAK IFJlZ2lzdGVySUQqIFByb2dyYW1Ob2RlOjplbWl0Q29kZShDb2RlR2VuZXJhdG9yJiBnZW5lcmF0 b3IsIFJlZ2lzdGVySUQqKQogewotICAgIFJlZ2lzdGVySUQqIHIwID0gc3RhdGVtZW50TGlzdEVt aXRDb2RlKG1fY2hpbGRyZW4sIGdlbmVyYXRvcik7Ci0gICAgaWYgKCFyMCkKLSAgICAgICAgcjAg PSBnZW5lcmF0b3IuZW1pdExvYWQoZ2VuZXJhdG9yLm5ld1RlbXBvcmFyeSgpLCBqc1VuZGVmaW5l ZCgpKTsKLSAgICBnZW5lcmF0b3IuZW1pdEVuZChyMCk7CisgICAgUmVmUHRyPFJlZ2lzdGVySUQ+ IGRzdFJlZ2lzdGVyID0gZ2VuZXJhdG9yLm5ld1RlbXBvcmFyeSgpOworICAgIGdlbmVyYXRvci5l bWl0TG9hZChkc3RSZWdpc3Rlci5nZXQoKSwganNVbmRlZmluZWQoKSk7CisgICAgc3RhdGVtZW50 TGlzdEVtaXRDb2RlKG1fY2hpbGRyZW4sIGdlbmVyYXRvciwgZHN0UmVnaXN0ZXIuZ2V0KCkpOwor ICAgIGdlbmVyYXRvci5lbWl0RW5kKGRzdFJlZ2lzdGVyLmdldCgpKTsKICAgICByZXR1cm4gMDsK IH0KIAo= 20713 2008-04-20 19:54:09 -0700 2008-04-20 19:55:00 -0700 patch #2 bug18642.patch text/plain 2389 oliver ZGlmZiAtLWdpdCBhL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZyBiL0phdmFTY3JpcHRDb3JlL0No YW5nZUxvZwppbmRleCA4Zjc4N2RjLi4zNWZlZmY4IDEwMDY0NAotLS0gYS9KYXZhU2NyaXB0Q29y ZS9DaGFuZ2VMb2cKKysrIGIvSmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMjAg QEAKKzIwMDgtMDQtMjAgIE9saXZlciBIdW50ICA8b2xpdmVyQGFwcGxlLmNvbT4KKworICAgICAg ICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBCdWcgMTg2NDI6IEl0ZXJh dG9yIGNvbnRleHQgbWF5IGdldCBwbGFjZWQgaW50byB0aGUgcmV0dXJuIHJlZ2lzdGVyLCBsZWFk aW5nIHRvIG11Y2ggYmFkbmVzcworICAgICAgICA8aHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hv d19idWcuY2dpP2lkPTE4NjQyPgorCisgICAgICAgIFRvIHByZXZlbnQgaW5jb3JyZWN0bHkgcmV1 c2luZyB3aGF0IHdpbGwgYmVjb21lIHRoZSByZXN1bHQgcmVnaXN0ZXIgZm9yCisgICAgICAgIGV2 YWwgYW5kIGdsb2JhbCBjb2RlIGV4ZWN1dGlvbiwgd2UgbmVlZCB0byByZXF1ZXN0IGFuZCByZWYg dGhlIGRlc3RpbmF0aW9uCisgICAgICAgIGluIGFkdmFuY2Ugb2YgY29kZWdlbi4gIFVuZm9ydHVu YXRlbHkgdGhpcyBtYXkgbGVhZCB0byB1bm5lY2Vzc2FyeSBjb3B5aW5nLAorICAgICAgICBhbHRo b3VnaCBpbiBmdXR1cmUgd2UgY2FuIHByb2JhYmx5IGxpbWl0IHRoaXMuICBDdXJpb3VzbHkgU3Vu U3BpZGVyIHNob3dzCisgICAgICAgIGEgcHJvZ3Jlc3Npb24gaW4gYSBudW1iZXIgb2YgdGVzdHMs IGFsdGhvdWdoIGl0IGNvbWVzIG91dCBhcyBhIHdhc2ggb3ZlcmFsbC4KKworICAgICAgICAqIGtq cy9ub2Rlcy5jcHA6CisgICAgICAgIChLSlM6OkV2YWxOb2RlOjplbWl0Q29kZSk6CisgICAgICAg IChLSlM6OlByb2dyYW1Ob2RlOjplbWl0Q29kZSk6CisKIDIwMDgtMDQtMjAgIENhbWVyb24gWndh cmljaCAgPGN3endhcmljaEB1d2F0ZXJsb28uY2E+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgTWFj aWVqLgpkaWZmIC0tZ2l0IGEvSmF2YVNjcmlwdENvcmUva2pzL25vZGVzLmNwcCBiL0phdmFTY3Jp cHRDb3JlL2tqcy9ub2Rlcy5jcHAKaW5kZXggZjZjZDk0NC4uZGUxMjk5ZCAxMDA2NDQKLS0tIGEv SmF2YVNjcmlwdENvcmUva2pzL25vZGVzLmNwcAorKysgYi9KYXZhU2NyaXB0Q29yZS9ranMvbm9k ZXMuY3BwCkBAIC01NjQxLDEwICs1NjQxLDEwIEBAIEV2YWxOb2RlOjp+RXZhbE5vZGUoKQogCiBS ZWdpc3RlcklEKiBFdmFsTm9kZTo6ZW1pdENvZGUoQ29kZUdlbmVyYXRvciYgZ2VuZXJhdG9yLCBS ZWdpc3RlcklEKikKIHsKLSAgICBSZWdpc3RlcklEKiByMCA9IHN0YXRlbWVudExpc3RFbWl0Q29k ZShtX2NoaWxkcmVuLCBnZW5lcmF0b3IpOwotICAgIGlmICghcjApCi0gICAgICAgIHIwID0gZ2Vu ZXJhdG9yLmVtaXRMb2FkKGdlbmVyYXRvci5uZXdUZW1wb3JhcnkoKSwganNVbmRlZmluZWQoKSk7 Ci0gICAgZ2VuZXJhdG9yLmVtaXRFbmQocjApOworICAgIFJlZlB0cjxSZWdpc3RlcklEPiBkc3RS ZWdpc3RlciA9IGdlbmVyYXRvci5uZXdUZW1wb3JhcnkoKTsKKyAgICBnZW5lcmF0b3IuZW1pdExv YWQoZHN0UmVnaXN0ZXIuZ2V0KCksIGpzVW5kZWZpbmVkKCkpOworICAgIHN0YXRlbWVudExpc3RF bWl0Q29kZShtX2NoaWxkcmVuLCBnZW5lcmF0b3IsIGRzdFJlZ2lzdGVyLmdldCgpKTsKKyAgICBn ZW5lcmF0b3IuZW1pdEVuZChkc3RSZWdpc3Rlci5nZXQoKSk7CiAgICAgcmV0dXJuIDA7CiB9CiAK QEAgLTU3MTQsMTAgKzU3MTQsMTAgQEAgUmVnaXN0ZXJJRCogRnVuY3Rpb25Cb2R5Tm9kZTo6ZW1p dENvZGUoQ29kZUdlbmVyYXRvciYgZ2VuZXJhdG9yLCBSZWdpc3RlcklEKikKIAogUmVnaXN0ZXJJ RCogUHJvZ3JhbU5vZGU6OmVtaXRDb2RlKENvZGVHZW5lcmF0b3ImIGdlbmVyYXRvciwgUmVnaXN0 ZXJJRCopCiB7Ci0gICAgUmVnaXN0ZXJJRCogcjAgPSBzdGF0ZW1lbnRMaXN0RW1pdENvZGUobV9j aGlsZHJlbiwgZ2VuZXJhdG9yKTsKLSAgICBpZiAoIXIwKQotICAgICAgICByMCA9IGdlbmVyYXRv ci5lbWl0TG9hZChnZW5lcmF0b3IubmV3VGVtcG9yYXJ5KCksIGpzVW5kZWZpbmVkKCkpOwotICAg IGdlbmVyYXRvci5lbWl0RW5kKHIwKTsKKyAgICBSZWZQdHI8UmVnaXN0ZXJJRD4gZHN0UmVnaXN0 ZXIgPSBnZW5lcmF0b3IubmV3VGVtcG9yYXJ5KCk7CisgICAgZ2VuZXJhdG9yLmVtaXRMb2FkKGRz dFJlZ2lzdGVyLmdldCgpLCBqc1VuZGVmaW5lZCgpKTsKKyAgICBzdGF0ZW1lbnRMaXN0RW1pdENv ZGUobV9jaGlsZHJlbiwgZ2VuZXJhdG9yLCBkc3RSZWdpc3Rlci5nZXQoKSk7CisgICAgZ2VuZXJh dG9yLmVtaXRFbmQoZHN0UmVnaXN0ZXIuZ2V0KCkpOwogICAgIHJldHVybiAwOwogfQogCg==