WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
22504
Crashes during code generation occur due to refing of ignoredResult()
https://bugs.webkit.org/show_bug.cgi?id=22504
Summary
Crashes during code generation occur due to refing of ignoredResult()
Cameron Zwarich (cpst)
Reported
2008-11-25 17:55:02 PST
One thing seems to have been slightly overlooked in the handling of ignoredResult(). Many functions pass their value of dst to BytecodeGenerator::emitNode() and then put its return value into a RefPtr. Unfortunately, many emitBytecode() Node member functions return their passed value of dst, which leads to a crash when attempting to increase the reference count of ignoredResult(). Here is an example of this: function f() { do try { } catch (o) { } while (false) { } } It seems that this problem was known, because there are many emitBytecode() functions that do something like if (dst == ignoredResult()) dst = 0; However, this seems like a suboptimal solution to the problem.
Attachments
Proposed patch (without tests)
(14.73 KB, patch)
2008-11-27 02:45 PST
,
Cameron Zwarich (cpst)
no flags
Details
Formatted Diff
Diff
Proposed patch
(18.33 KB, patch)
2008-11-28 23:49 PST
,
Cameron Zwarich (cpst)
ggaren
: review+
Details
Formatted Diff
Diff
Show Obsolete
(1)
View All
Add attachment
proposed patch, testcase, etc.
Cameron Zwarich (cpst)
Comment 1
2008-11-25 19:25:22 PST
Geoff told me a pretty good solution to this bug. Make ignoredResult() an instance-specific register off of BytecodeGenerator, so that reffing it is legal. I think I will implement that.
Cameron Zwarich (cpst)
Comment 2
2008-11-27 02:45:53 PST
Created
attachment 25556
[details]
Proposed patch (without tests) I'm gonna make some tests now.
Cameron Zwarich (cpst)
Comment 3
2008-11-28 23:49:41 PST
Created
attachment 25586
[details]
Proposed patch This includes all of the cases that will crash that I am aware of.
Eric Seidel (no email)
Comment 4
2008-12-01 12:31:06 PST
Comment on
attachment 25586
[details]
Proposed patch This looks sane to me. But one of the SFX folks should probably review it.
Geoffrey Garen
Comment 5
2008-12-01 17:55:33 PST
Comment on
attachment 25586
[details]
Proposed patch r=me
Cameron Zwarich (cpst)
Comment 6
2008-12-02 22:14:43 PST
Landed in
r38930
.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug