Bug 82947

Summary: Activation tear-off neglects to copy the callee and scope chain, leading to crashes if we try to create an arguments object from the activation
Product: WebKit Reporter: Filip Pizlo <fpizlo>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal Keywords: InRadar
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
the patch none

Filip Pizlo
Reported 2012-04-02 14:27:46 PDT
Patch forthcoming. <rdar://problem/11058598>
Attachments
the patch (3.28 KB, patch)
2012-04-02 14:29 PDT, Filip Pizlo 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Filip Pizlo
Comment 1 2012-04-02 14:29:26 PDT
Created attachment 135186 [details] the patch
Filip Pizlo
Comment 2 2012-04-02 14:52:00 PDT
Reviewed by Gavin in person.
Filip Pizlo
Comment 3 2012-04-02 14:53:39 PDT
Landed in http://trac.webkit.org/changeset/112947
Note You need to log in before you can comment on or make changes to this bug.