RESOLVED FIXED 213006
Stringifier::appendStringifiedValue() should not assume it is always safe to recurse.
https://bugs.webkit.org/show_bug.cgi?id=213006
Mark Lam
Reported 2020-06-09 18:46:27 PDT
In r262727, I suggested that Alexey Shvayka add an assertion in Stringifier::appendStringifiedValue() that it is safe to recurse because we don't expect it to recurse into itself. Turns out this is a bad idea because a client may be doing the recursing, and Stringifier::appendStringifiedValue() ends up being executed with stack that is already in the reserved zone. This is legal, and is what the reserved zone is intended for as long as we don't recurse from here. However, this also means that the assertion vm.isSafeToRecurseSoft() will fail because we may already be in the reserved zone area. The fix is simply to remove this faulty assertion.
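The following is an added illustration of the situation described in the report, not WebKit code: a simulated stack with a soft limit and a reserved zone below it, a recursive client that checks the soft limit before every recursive call, and a non-recursive leaf standing in for appendStringifiedValue(). All constants and names (kSoftLimit, kHardLimit, stringifyNested, LeafReport) are hypothetical; the real VM works on machine stack addresses.

```cpp
#include <cstdint>
#include <string>

// Hypothetical stack model (constructed for this example, not JavaScriptCore's
// real VM code). Addresses are simulated integers; frames grow downward.
constexpr uintptr_t kStackTop     = 0x10000;
constexpr uintptr_t kHardLimit    = 0x8000;   // true end of usable stack
constexpr uintptr_t kReservedZone = 0x400;    // slack kept below the soft limit
constexpr uintptr_t kSoftLimit    = kHardLimit + kReservedZone;
constexpr uintptr_t kFrameSize    = 0x100;

// Same intent as vm.isSafeToRecurseSoft(): recursing is allowed only while the
// current frame is still above the soft limit.
bool isSafeToRecurseSoft(uintptr_t sp) { return sp > kSoftLimit; }
// The reserved zone is the band between the two limits: legal to execute in,
// illegal to recurse from.
bool isInReservedZone(uintptr_t sp) { return sp <= kSoftLimit && sp > kHardLimit; }

struct LeafReport {
    bool ranInReservedZone;         // the leaf executed below the soft limit
    bool removedAssertionWouldFire; // what the faulty isSafeToRecurseSoft assert would do
};

// Stand-in for Stringifier::appendStringifiedValue(): it never recurses, so
// running it inside the reserved zone is exactly what the zone is for.
LeafReport appendStringifiedValue(uintptr_t sp, std::string& out) {
    out += "v";
    return { isInReservedZone(sp), !isSafeToRecurseSoft(sp) };
}

// A client that recurses `depth` levels, checking the soft limit before each
// recursive call, then calls the leaf from its deepest frame. Returns false when
// it would instead report a stack overflow to the caller.
bool stringifyNested(uintptr_t sp, int depth, std::string& out, LeafReport& report) {
    if (depth == 0) {
        report = appendStringifiedValue(sp - kFrameSize, out); // leaf gets its own frame
        return true;
    }
    if (!isSafeToRecurseSoft(sp))
        return false; // bail out here; never push another recursive frame
    return stringifyNested(sp - kFrameSize, depth - 1, out, report);
}
```

With these constants, depth 124 is the deepest nesting the client accepts; its leaf call then lands in the reserved zone, where the removed assertion would have fired even though nothing recursed illegally.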
Attachments
proposed patch. (3.77 KB, patch)
2020-06-09 18:57 PDT, Mark Lam
keith_miller: review+
Mark Lam
Comment 1 2020-06-09 18:46:54 PDT
Mark Lam
Comment 2 2020-06-09 18:57:38 PDT
Created attachment 401503 [details] proposed patch.
Keith Miller
Comment 3 2020-06-09 19:00:16 PDT
Comment on attachment 401503 [details] proposed patch. r=me
Mark Lam
Comment 4 2020-06-09 19:05:43 PDT
Thanks for the review. Landed in r262830: <http://trac.webkit.org/r262830>.