Bug 127146

Summary: throwing an objc object (or general binding object) triggers an assertion
Product: WebKit Reporter: Oliver Hunt <oliver>
Component: JavaScriptCoreAssignee: Oliver Hunt <oliver>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch ap: review+

Oliver Hunt
Reported 2014-01-16 14:47:32 PST
So Bindings::Instance consumes all property assignment including the "stack" assignment when throwing an exception. This trigger the following assertion which should probably just be removed. frame #1: 0x0000000100493acb JavaScriptCore`JSC::Interpreter::unwind(this=0x000000010e4124c0, callFrame=0x00007fff5fbfcfd0, exceptionValue=0x00007fff5fbfcfc8) + 587 at Interpreter.cpp:680 677 } 678 679 ASSERT(callFrame->vm().exceptionStack().size()); -> 680 ASSERT(!exceptionValue.isObject() || asObject(exceptionValue)->hasProperty(callFrame, callFrame->vm().propertyNames->stack)); 681
Attachments
Patch (1.60 KB, patch)
2014-01-16 14:49 PST, Oliver Hunt 		ap: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Oliver Hunt
Comment 1 2014-01-16 14:49:19 PST
Created attachment 221416 [details] Patch
Oliver Hunt
Comment 2 2014-01-16 14:51:26 PST
Committed r162156: <http://trac.webkit.org/changeset/162156>
Note You need to log in before you can comment on or make changes to this bug.