Bug 31635 - Interpreter may do an out of range access when throwing an exception in the profiler.
Summary: Interpreter may do an out of range access when throwing an exception in the p...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: PC OS X 10.5
Importance: P2 Normal
Assignee: Nobody
Reported: 2009-11-18 12:22 PST by Oliver Hunt
Modified: 2009-11-18 13:25 PST

Attachments
Patch (2.76 KB, patch)
2009-11-18 12:25 PST, Oliver Hunt
ap: review+
Description Oliver Hunt 2009-11-18 12:22:20 PST
Found this bug while looking at another bug -- the exception handling code assumes it can always look 8 words forward into the instruction stream, which may not be true in some cases.
Comment 1 Oliver Hunt 2009-11-18 12:25:15 PST
Created attachment 43445 [details]
Patch
Comment 2 Alexey Proskuryakov 2009-11-18 12:40:30 PST
Comment on attachment 43445 [details]
Patch

r=me
Comment 3 Oliver Hunt 2009-11-18 12:46:40 PST
Committed r51128
Comment 4 Eric Seidel (no email) 2009-11-18 13:19:03 PST
Looks like this may have regressed a test on the bots:
http://build.webkit.org/results/Leopard%20Intel%20Debug%20(Tests)/r51128%20(7372)/fast/profiler/throw-exception-from-eval-pretty-diff.html
Comment 5 Oliver Hunt 2009-11-18 13:25:02 PST
Gah, I'm a moron and forgot to update the expected output.