82947 2012-04-02 14:27:46 -0700 Activation tear-off neglects to copy the callee and scope chain, leading to crashes if we try to create an arguments object from the activation 2012-04-02 14:53:39 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) All All RESOLVED FIXED InRadar P2 Normal --- 1 fpizlo webkit-unassigned oldest_to_newest 593846 0 fpizlo 2012-04-02 14:27:46 -0700 Patch forthcoming. <rdar://problem/11058598> 593847 1 135186 fpizlo 2012-04-02 14:29:26 -0700 Created attachment 135186 the patch 593882 2 fpizlo 2012-04-02 14:52:00 -0700 Reviewed by Gavin in person. 593884 3 fpizlo 2012-04-02 14:53:39 -0700 Landed in http://trac.webkit.org/changeset/112947 135186 2012-04-02 14:29:26 -0700 2012-04-02 14:52:06 -0700 the patch fixact_patch_1.diff text/plain 3361 fpizlo SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTEyOTQzKQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDIwIEBA CisyMDEyLTA0LTAyICBGaWxpcCBQaXpsbyAgPGZwaXpsb0BhcHBsZS5jb20+CisKKyAgICAgICAg QWN0aXZhdGlvbiB0ZWFyLW9mZiBuZWdsZWN0cyB0byBjb3B5IHRoZSBjYWxsZWUgYW5kIHNjb3Bl IGNoYWluLCBsZWFkaW5nIHRvIGNyYXNoZXMgaWYgd2UKKyAgICAgICAgdHJ5IHRvIGNyZWF0ZSBh biBhcmd1bWVudHMgb2JqZWN0IGZyb20gdGhlIGFjdGl2YXRpb24KKyAgICAgICAgaHR0cHM6Ly9i dWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTgyOTQ3CisgICAgICAgIDxyZGFyOi8vcHJv YmxlbS8xMTA1ODU5OD4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKyAg ICAgICAgCisgICAgICAgIFdlIG5vdyBjb3B5IHRoZSBlbnRpcmUgY2FsbCBmcmFtZSBoZWFkZXIg anVzdCB0byBiZSBzdXJlLiBUaGlzIGlzIG1vc3RseSBwZXJmLW5ldHVyYWwsCisgICAgICAgIGV4 Y2VwdCBmb3IgYSAzLjclIHNsb3ctZG93biBpbiBWOC9lYXJsZXkuCisKKyAgICAgICAgKiBydW50 aW1lL0pTQWN0aXZhdGlvbi5jcHA6CisgICAgICAgIChKU0M6OkpTQWN0aXZhdGlvbjo6dmlzaXRD aGlsZHJlbik6CisgICAgICAgICogcnVudGltZS9KU0FjdGl2YXRpb24uaDoKKyAgICAgICAgKEpT Qzo6SlNBY3RpdmF0aW9uOjp0ZWFyT2ZmKToKKwogMjAxMi0wNC0wMiAgRGFuaWVsIEJhdGVzICA8 ZGJhdGVzQHdlYmtpdC5vcmc+CiAKICAgICAgICAgUmVtb3ZlIFNvdXJjZS9KYXZhU2NyaXB0Q29y ZS93dGYgYW5kIGl0cyBlbXB0eSBzdWJkaXJlY3RvcmllcwpJbmRleDogU291cmNlL0phdmFTY3Jp cHRDb3JlL3J1bnRpbWUvSlNBY3RpdmF0aW9uLmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvSmF2 YVNjcmlwdENvcmUvcnVudGltZS9KU0FjdGl2YXRpb24uY3BwCShyZXZpc2lvbiAxMTI3MjYpCisr KyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVudGltZS9KU0FjdGl2YXRpb24uY3BwCSh3b3JraW5n IGNvcHkpCkBAIC03OCwxMSArNzgsMTUgQEAgdm9pZCBKU0FjdGl2YXRpb246OnZpc2l0Q2hpbGRy ZW4oSlNDZWxsKgogICAgIFdyaXRlQmFycmllcjxVbmtub3duPiogcmVnaXN0ZXJBcnJheSA9IHRo aXNPYmplY3QtPm1fcmVnaXN0ZXJBcnJheS5nZXQoKTsKICAgICBpZiAoIXJlZ2lzdGVyQXJyYXkp CiAgICAgICAgIHJldHVybjsKLQorICAgIAogICAgIHZpc2l0b3IuYXBwZW5kVmFsdWVzKHJlZ2lz dGVyQXJyYXksIHRoaXNPYmplY3QtPm1fbnVtQ2FwdHVyZWRBcmdzKTsKIAotICAgIC8vIFNraXAg J3RoaXMnIGFuZCBjYWxsIGZyYW1lLgotICAgIHZpc2l0b3IuYXBwZW5kVmFsdWVzKHJlZ2lzdGVy QXJyYXkgKyBDYWxsRnJhbWU6Om9mZnNldEZvcih0aGlzT2JqZWN0LT5tX251bUNhcHR1cmVkQXJn cyArIDEpLCB0aGlzT2JqZWN0LT5tX251bUNhcHR1cmVkVmFycyk7CisgICAgLy8gU2tpcCAndGhp cycgYW5kIGNhbGwgZnJhbWUsIGV4Y2VwdCBmb3IgY2FsbGVlIGFuZCBzY29wZSBjaGFpbi4KKyAg ICBpbnQgb2Zmc2V0ID0gQ2FsbEZyYW1lOjpvZmZzZXRGb3IodGhpc09iamVjdC0+bV9udW1DYXB0 dXJlZEFyZ3MgKyAxKTsKKyAgICB2aXNpdG9yLmFwcGVuZChyZWdpc3RlckFycmF5ICsgb2Zmc2V0 ICsgUmVnaXN0ZXJGaWxlOjpTY29wZUNoYWluKTsKKyAgICB2aXNpdG9yLmFwcGVuZChyZWdpc3Rl ckFycmF5ICsgb2Zmc2V0ICsgUmVnaXN0ZXJGaWxlOjpDYWxsZWUpOworICAgIAorICAgIHZpc2l0 b3IuYXBwZW5kVmFsdWVzKHJlZ2lzdGVyQXJyYXkgKyBvZmZzZXQsIHRoaXNPYmplY3QtPm1fbnVt Q2FwdHVyZWRWYXJzKTsKIH0KIAogaW5saW5lIGJvb2wgSlNBY3RpdmF0aW9uOjpzeW1ib2xUYWJs ZUdldChjb25zdCBJZGVudGlmaWVyJiBwcm9wZXJ0eU5hbWUsIFByb3BlcnR5U2xvdCYgc2xvdCkK SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1lL0pTQWN0aXZhdGlvbi5oCj09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT0KLS0tIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1lL0pTQWN0aXZhdGlvbi5oCShy ZXZpc2lvbiAxMTI3MjYpCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVudGltZS9KU0FjdGl2 YXRpb24uaAkod29ya2luZyBjb3B5KQpAQCAtMTI3LDE2ICsxMjcsOSBAQCBuYW1lc3BhY2UgSlND IHsKICAgICAgICAgT3duQXJyYXlQdHI8V3JpdGVCYXJyaWVyPFVua25vd24+ID4gcmVnaXN0ZXJB cnJheSA9IGFkb3B0QXJyYXlQdHIobmV3IFdyaXRlQmFycmllcjxVbmtub3duPltyZWdpc3RlckFy cmF5U2l6ZV0pOwogICAgICAgICBXcml0ZUJhcnJpZXI8VW5rbm93bj4qIHJlZ2lzdGVycyA9IHJl Z2lzdGVyQXJyYXkuZ2V0KCkgKyByZWdpc3Rlck9mZnNldDsKIAotICAgICAgICAvLyBDb3B5IGFs bCBhcmd1bWVudHMgdGhhdCBjYW4gYmUgY2FwdHVyZWQgYnkgbmFtZSBvciBieSB0aGUgYXJndW1l bnRzIG9iamVjdC4KLSAgICAgICAgZm9yIChpbnQgaSA9IDA7IGkgPCBtX251bUNhcHR1cmVkQXJn czsgKytpKSB7Ci0gICAgICAgICAgICBpbnQgaW5kZXggPSBDYWxsRnJhbWU6OmFyZ3VtZW50T2Zm c2V0KGkpOwotICAgICAgICAgICAgcmVnaXN0ZXJzW2luZGV4XS5zZXQoZ2xvYmFsRGF0YSwgdGhp cywgbV9yZWdpc3RlcnNbaW5kZXhdLmdldCgpKTsKLSAgICAgICAgfQotCi0gICAgICAgIC8vIFNr aXAgJ3RoaXMnIGFuZCBjYWxsIGZyYW1lLgotCi0gICAgICAgIC8vIENvcHkgYWxsIGNhcHR1cmVk IHZhcnMuCi0gICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgbV9udW1DYXB0dXJlZFZhcnM7ICsr aSkKKyAgICAgICAgaW50IGZyb20gPSBDYWxsRnJhbWU6OmFyZ3VtZW50T2Zmc2V0KG1fbnVtQ2Fw dHVyZWRBcmdzIC0gMSk7CisgICAgICAgIGludCB0byA9IG1fbnVtQ2FwdHVyZWRWYXJzOworICAg ICAgICBmb3IgKGludCBpID0gZnJvbTsgaSA8IHRvOyArK2kpCiAgICAgICAgICAgICByZWdpc3Rl cnNbaV0uc2V0KGdsb2JhbERhdGEsIHRoaXMsIG1fcmVnaXN0ZXJzW2ldLmdldCgpKTsKIAogICAg ICAgICBzZXRSZWdpc3RlcnMocmVnaXN0ZXJzLCByZWdpc3RlckFycmF5LnJlbGVhc2UoKSk7Cg==