Created attachment 263790 [details] Patch

Comment on attachment 263790 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=263790&action=review You are now setting up these thunks to call operationVMHandleException() with a CallFrame that has a null codeBlock. operationVMHandleException() calls genericUnwind(), and genericUnwind() starts with: if (Options::breakOnThrow()) { dataLog("In call frame ", RawPointer(callFrame), " for code block ", *callFrame->codeBlock(), "\n"); CRASH(); } Can you also please fix the above code in genericUnwind() to not deref that codeBlock pointer if it's null? I looked thru the rest of genericUnwind() and I think it is resilient against a null codeBlock pointer except the above logging line, but I think you should double check if you haven't already. r=me with the issues fixed. > Source/JavaScriptCore/ChangeLog:3 > + REGRESSION(r191360): Repro Crash: com.apple.WebKit.WebContent at â¦.apple.JavaScriptCore: JSC::ExecState::bytecodeOffset + 174 Please fix the special character before ".apple.JavaScriptCore:". > LayoutTests/ChangeLog:3 > + REGRESSION(r191360): Repro Crash: com.apple.WebKit.WebContent at â¦.apple.JavaScriptCore: JSC::ExecState::bytecodeOffset + 174 Please fix the non-ascii character before ".apple.JavaScriptCore:". > LayoutTests/js/script-tests/regress-150434.js:47 > +testPassed("Properly handled an exception from a tail called native function that called by a native function"); did you mean "that *was* called by *another* native function"?

Committed r191455: <http://trac.webkit.org/changeset/191455>