Bug 31635

Summary: Interpreter may do an out of range access when throwing an exception in the profiler.
Product: WebKit Reporter: Oliver Hunt <oliver>
Component: JavaScriptCore    Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: eric
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: OS X 10.5   
Attachments:
Description: Patch    Flags: ap: review+

Description Oliver Hunt 2009-11-18 12:22:20 PST
Found this bug while looking at another bug -- the exception handling code assumes it can always look 8 words forward into the instruction stream, which may not be true in some cases.
Comment 1 Oliver Hunt 2009-11-18 12:25:15 PST
Created attachment 43445 [details]
Patch
Comment 2 Alexey Proskuryakov 2009-11-18 12:40:30 PST
Comment on attachment 43445 [details]
Patch

r=me
Comment 3 Oliver Hunt 2009-11-18 12:46:40 PST
Committed r51128
Comment 4 Eric Seidel (no email) 2009-11-18 13:19:03 PST
Looks like this may have regressed a test on the bots:
http://build.webkit.org/results/Leopard%20Intel%20Debug%20(Tests)/r51128%20(7372)/fast/profiler/throw-exception-from-eval-pretty-diff.html
Comment 5 Oliver Hunt 2009-11-18 13:25:02 PST
Gah, I'm a moron and forgot to update the expected output.