Summary: | If CallFrame::trueCallFrame() knows that it's about to read garbage instead of a valid CodeOrigin/InlineCallFrame, then it should give up and return 0 and all callers should be robust against this | ||||||
---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Filip Pizlo <fpizlo> | ||||
Component: | JavaScriptCore | Assignee: | Filip Pizlo <fpizlo> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | Normal | CC: | barraclough, ggaren, mark.lam, mhahnenberg, msaboff, oliver, sam | ||||
Priority: | P2 | Keywords: | InRadar | ||||
Version: | 528+ (Nightly build) | ||||||
Hardware: | All | ||||||
OS: | All | ||||||
Attachments: |
|
Description
Filip Pizlo
2013-04-05 14:00:00 PDT
Created attachment 196680 [details]
the patch
Comment on attachment 196680 [details] the patch View in context: https://bugs.webkit.org/attachment.cgi?id=196680&action=review > Source/JavaScriptCore/interpreter/CallFrame.cpp:124 > ASSERT_UNUSED(hasCodeOrigin, hasCodeOrigin); This can just change to ASSERT() as we use hasCodeOrigin now Landed in http://trac.webkit.org/changeset/147798 |