| Summary: | Activation tear-off neglects to copy the callee and scope chain, leading to crashes if we try to create an arguments object from the activation | ||||||
|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Filip Pizlo <fpizlo> | ||||
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | Normal | Keywords: | InRadar | ||||
| Priority: | P2 | ||||||
| Version: | 528+ (Nightly build) | ||||||
| Hardware: | All | ||||||
| OS: | All | ||||||
| Attachments: |
|
||||||
|
Description
Filip Pizlo
2012-04-02 14:27:46 PDT
Created attachment 135186 [details]
the patch
Reviewed by Gavin in person. Landed in http://trac.webkit.org/changeset/112947 |