Bug 114062 - If CallFrame::trueCallFrame() knows that it's about to read garbage instead of a valid CodeOrigin/InlineCallFrame, then it should give up and return 0 and all callers should be robust against this
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: All (OS: All)
Importance: P2 Normal
Assignee: Filip Pizlo
Keywords: InRadar
Depends on:
Reported: 2013-04-05 14:00 PDT by Filip Pizlo
Modified: 2013-04-05 14:33 PDT (History)

See Also:

Attachment: the patch (3.23 KB, patch), 2013-04-05 14:06 PDT, Filip Pizlo; oliver: review+

Description Filip Pizlo 2013-04-05 14:00:00 PDT
This reduces the severity of bugs arising from our existing sloppiness with CodeOrigins.  We should fix that sloppiness, but before we do, we should make sure that even such sloppiness doesn't cause a WebKit process to go down in flames.

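An added illustration of the fail-safe pattern the description asks for: a CodeOrigin lookup that refuses to read past the end of its table and returns null instead, with a caller that copes with that null. This is example code written for this page, not JavaScriptCore's own; the structs and the `canGetCodeOrigin`, `trueCodeOrigin` and `describeFrame` helpers are simplified stand-ins for the real `CallFrame::trueCallFrame()` machinery and do not reproduce the landed patch.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <vector>

// Hypothetical, simplified model of the data trueCallFrame() walks.
// Added illustration only; not JavaScriptCore's real structures.
struct InlineCallFrame {
    const char* calleeName;
};

struct CodeOrigin {
    unsigned bytecodeIndex;
    InlineCallFrame* inlineCallFrame; // null when the code was not inlined
};

// A compiled code block owns a table of CodeOrigins. The optimizing JIT
// stores an index into this table in the frame; if that index is stale or
// garbage, an unchecked codeOrigins[index] reads whatever memory follows.
struct MachineCodeBlock {
    std::vector<CodeOrigin> codeOrigins;

    // The check that makes "give up and return 0" possible: is the index
    // actually inside the table?
    bool canGetCodeOrigin(unsigned index) const { return index < codeOrigins.size(); }
    const CodeOrigin& codeOrigin(unsigned index) const { return codeOrigins[index]; }
};

struct CallFrame {
    MachineCodeBlock* machineCodeBlock;
    unsigned codeOriginIndex; // what the frame claims; trusted nowhere below

    // Hardened lookup: return nullptr whenever the stored index does not
    // point into the code block's table, instead of dereferencing garbage.
    const CodeOrigin* trueCodeOrigin() const {
        if (!machineCodeBlock)
            return nullptr;
        if (!machineCodeBlock->canGetCodeOrigin(codeOriginIndex))
            return nullptr;
        return &machineCodeBlock->codeOrigin(codeOriginIndex);
    }
};

// A caller that is robust against the lookup giving up: it degrades to a
// placeholder rather than crashing the process on a null CodeOrigin.
const char* describeFrame(const CallFrame& frame) {
    const CodeOrigin* origin = frame.trueCodeOrigin();
    if (!origin)
        return "<unknown origin>";
    if (origin->inlineCallFrame)
        return origin->inlineCallFrame->calleeName;
    return "<not inlined>";
}

int main() {
    // Constructed sample data: one inlined callee and a two-entry table.
    InlineCallFrame inlined{"inlinedCallee"};
    MachineCodeBlock block;
    block.codeOrigins.push_back(CodeOrigin{0, nullptr});
    block.codeOrigins.push_back(CodeOrigin{7, &inlined});

    CallFrame good{&block, 1};
    CallFrame garbage{&block, 0xDEADBEEFu}; // index far past the table
    std::printf("%s\n", describeFrame(good));    // inlinedCallee
    std::printf("%s\n", describeFrame(garbage)); // <unknown origin>
    return 0;
}
```

The bounds check is deliberately placed in the lookup rather than in each caller, so a single missed call site still cannot turn a bogus index into an out-of-bounds read; callers only have to handle a null result, which is easy to audit.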
Comment 1 Filip Pizlo 2013-04-05 14:06:41 PDT
Created attachment 196680
the patch
Comment 2 Oliver Hunt 2013-04-05 14:10:34 PDT
Comment on attachment 196680
the patch

View in context: https://bugs.webkit.org/attachment.cgi?id=196680&action=review

> Source/JavaScriptCore/interpreter/CallFrame.cpp:124
>          ASSERT_UNUSED(hasCodeOrigin, hasCodeOrigin);

This can just change to ASSERT() as we use hasCodeOrigin now
Comment 3 Filip Pizlo 2013-04-05 14:33:08 PDT
Landed in http://trac.webkit.org/changeset/147798