Bug 104313 - Incorrect inequality for checking whether a statement is within bounds of a handler
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: Filip Pizlo
Keywords: InRadar
 
Reported: 2012-12-06 16:22 PST by Filip Pizlo
Modified: 2012-12-06 23:45 PST

Attachments
the patch (14.19 KB, patch)
2012-12-06 16:37 PST, Filip Pizlo
ggaren: review+

Description Filip Pizlo 2012-12-06 16:22:03 PST
currentIndex <= end is not correct since end is exclusive rather than inclusive: it's the next instruction after the end of the try.

This never failed prior to my jsc upheaval because back then, the next instruction after a try was always a catch, which never threw.  But now the next instruction may be the start of an inlined finally block for the case where finally would be "called" from the tail of the try.
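The boundary condition described above, as an added example that is not part of the original report, the attached patch, or JavaScriptCore's code. The struct, function names and instruction indices are hypothetical and the handler table is constructed; it shows a throw at index `end` being attributed to the wrong handler when `end` is treated as inclusive.

```cpp
#include <cstdint>
#include <vector>

// Hypothetical model of one exception-handler table entry. Names are
// assumptions for this example, not JavaScriptCore's declarations.
struct HandlerRange {
    uint32_t start;   // first instruction index inside the try
    uint32_t end;     // next instruction AFTER the try (exclusive bound)
    uint32_t target;  // instruction index of the handler
};

constexpr int64_t kNoHandler = -1;

// The check as the report describes it: `end` is treated as inclusive.
int64_t findHandlerInclusive(const std::vector<HandlerRange>& table, uint32_t currentIndex) {
    for (const HandlerRange& h : table)  // entries ordered innermost first
        if (h.start <= currentIndex && currentIndex <= h.end)
            return h.target;
    return kNoHandler;
}

// Half-open check: an instruction at `end` is outside the try.
int64_t findHandlerExclusive(const std::vector<HandlerRange>& table, uint32_t currentIndex) {
    for (const HandlerRange& h : table)
        if (h.start <= currentIndex && currentIndex < h.end)
            return h.target;
    return kNoHandler;
}

// Constructed layout: an inner try covers [2, 4), and index 4 is the first
// instruction of its finally block inlined at the tail of the try. An outer
// try covers [0, 10).
std::vector<HandlerRange> sampleTable() {
    return {
        {2, 4, 12},   // inner try, handler at 12
        {0, 10, 20},  // outer try, handler at 20
    };
}

int main() {
    const auto table = sampleTable();
    // A throw from index 4 belongs to the outer try only.
    bool buggy = findHandlerInclusive(table, 4) == 12;  // inner handler chosen
    bool fixed = findHandlerExclusive(table, 4) == 20;  // outer handler chosen
    return (buggy && fixed) ? 0 : 1;
}
```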
Comment 1 Filip Pizlo 2012-12-06 16:26:30 PST
<rdar://problem/12808934>
Comment 2 Filip Pizlo 2012-12-06 16:37:56 PST
Created attachment 178106
the patch
Comment 3 Geoffrey Garen 2012-12-06 17:18:08 PST
Comment on attachment 178106
the patch

r=me
Comment 4 Filip Pizlo 2012-12-06 23:45:39 PST
Landed in http://trac.webkit.org/changeset/136927