Bug 23063

Summary: [jsfunfuzz] Assertion + incorrect behaviour with dynamically created local variable in a catch block
Product: WebKit Reporter: Oliver Hunt <oliver>
Component: JavaScriptCoreAssignee: Oliver Hunt <oliver>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Mac   
OS: OS X 10.5   
Bug Depends on:    
Bug Blocks: 13638    
Attachments:
Description Flags
Fix the creation of scopes for catch blocks containing eval zwarich: review+

Oliver Hunt
Reported 2008-12-31 22:10:50 PST
try { throw ""; } catch(e) { eval("var x=1"); } This throws, because the eval code attempts to insert a dynamic property onto the catch blocks scope object. but the catch block has a static scope node so cannot receive new properties.
Attachments
Fix the creation of scopes for catch blocks containing eval (8.54 KB, patch)
2008-12-31 23:54 PST, Oliver Hunt 		zwarich: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Oliver Hunt
Comment 1 2008-12-31 23:54:31 PST
Created attachment 26344 [details] Fix the creation of scopes for catch blocks containing eval Fixeration
Cameron Zwarich (cpst)
Comment 2 2009-01-01 00:16:17 PST
Comment on attachment 26344 [details] Fix the creation of scopes for catch blocks containing eval You have a typo in your ChangeLog. It should be the catch block's static scope rather than the catch blocks static scope. You should also put the bool after the pointer member variables in the class definition. Other than that, r=me.
Oliver Hunt
Comment 3 2009-01-01 00:23:35 PST
Committing to http://svn.webkit.org/repository/webkit/trunk ... M JavaScriptCore/ChangeLog M JavaScriptCore/parser/Grammar.y M JavaScriptCore/parser/Nodes.cpp M JavaScriptCore/parser/Nodes.h M LayoutTests/ChangeLog M LayoutTests/fast/js/eval-var-decl-expected.txt M LayoutTests/fast/js/resources/eval-var-decl.js Committed r39534
Note You need to log in before you can comment on or make changes to this bug.