Bug 113952

Summary: Exception stack unwinding doesn't handle inline callframes correctly
Product: WebKit Reporter: Oliver Hunt <oliver>
Component: New BugsAssignee: Oliver Hunt <oliver>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch ggaren: review+

Oliver Hunt
Reported 2013-04-04 13:19:38 PDT
Exception stack unwinding doesn't handle inline callframes correctly
Attachments
Patch (9.32 KB, patch)
2013-04-04 13:26 PDT, Oliver Hunt 		no flags
DetailsFormatted DiffDiff
Patch (12.23 KB, patch)
2013-04-04 13:49 PDT, Oliver Hunt 		ggaren: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Oliver Hunt
Comment 1 2013-04-04 13:26:46 PDT
Created attachment 196513 [details] Patch
Oliver Hunt
Comment 2 2013-04-04 13:49:53 PDT
Created attachment 196519 [details] Patch
Geoffrey Garen
Comment 3 2013-04-04 14:06:47 PDT
Comment on attachment 196519 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=196519&action=review r=me > Source/JavaScriptCore/ChangeLog:15 > + This used to be safe as the exception handling machinery was > + designed to fail gently and just claim that no handler existed. > + This was "safe" and even "correct" inasmuch as we currently > + don't run any code with exception handlers through the dfg. So, why did it turn out not to be safe or correct? > Source/JavaScriptCore/bytecode/CodeBlock.cpp:2734 > + while (InlineCallFrame* icf = origin.inlineCallFrame) { Let's call this "inlineCallFrame".
Oliver Hunt
Comment 4 2013-04-04 14:23:46 PDT
Committed r147670: <http://trac.webkit.org/changeset/147670>
Note You need to log in before you can comment on or make changes to this bug.