зеркало из https://github.com/mozilla/gecko-dev.git
Fix PutBlockObjects conditional call to happen before stack it relies on is released (352212, r=mrbkap).
Родитель
df5d67c889
Коммит
8eeb36816d
|
@ -1402,10 +1402,6 @@ out:
|
||||||
hook(cx, &frame, JS_FALSE, &ok, hookData);
|
hook(cx, &frame, JS_FALSE, &ok, hookData);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* If frame has block objects on its scope chain, cut them loose. */
|
|
||||||
if (frame.flags & JSFRAME_POP_BLOCKS)
|
|
||||||
ok &= PutBlockObjects(cx, &frame);
|
|
||||||
|
|
||||||
/* If frame has a call object, sync values and clear back-pointer. */
|
/* If frame has a call object, sync values and clear back-pointer. */
|
||||||
if (frame.callobj)
|
if (frame.callobj)
|
||||||
ok &= js_PutCallObject(cx, &frame);
|
ok &= js_PutCallObject(cx, &frame);
|
||||||
|
@ -2386,6 +2382,18 @@ interrupt:
|
||||||
JSInlineFrame *ifp = (JSInlineFrame *) fp;
|
JSInlineFrame *ifp = (JSInlineFrame *) fp;
|
||||||
void *hookData = ifp->hookData;
|
void *hookData = ifp->hookData;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* If fp has blocks on its scope chain, home their locals now,
|
||||||
|
* before calling any debugger hook, and before freeing stack.
|
||||||
|
* This matches the order of block putting and hook calling in
|
||||||
|
* the "out-of-line" return code at the bottom of js_Interpret
|
||||||
|
* and in js_Invoke.
|
||||||
|
*/
|
||||||
|
if (fp->flags & JSFRAME_POP_BLOCKS) {
|
||||||
|
SAVE_SP_AND_PC(fp);
|
||||||
|
ok &= PutBlockObjects(cx, fp);
|
||||||
|
}
|
||||||
|
|
||||||
if (hookData) {
|
if (hookData) {
|
||||||
JSInterpreterHook hook = cx->runtime->callHook;
|
JSInterpreterHook hook = cx->runtime->callHook;
|
||||||
if (hook) {
|
if (hook) {
|
||||||
|
@ -2395,12 +2403,6 @@ interrupt:
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* If fp has blocks on its scope chain, cut them loose. */
|
|
||||||
if (fp->flags & JSFRAME_POP_BLOCKS) {
|
|
||||||
SAVE_SP_AND_PC(fp);
|
|
||||||
ok &= PutBlockObjects(cx, fp);
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* If fp has a call object, sync values and clear the back-
|
* If fp has a call object, sync values and clear the back-
|
||||||
* pointer. This can happen for a lightweight function if it
|
* pointer. This can happen for a lightweight function if it
|
||||||
|
@ -6327,6 +6329,12 @@ no_catch:;
|
||||||
* Restore the previous frame's execution state.
|
* Restore the previous frame's execution state.
|
||||||
*/
|
*/
|
||||||
if (JS_LIKELY(mark != NULL)) {
|
if (JS_LIKELY(mark != NULL)) {
|
||||||
|
/* If fp has blocks on its scope chain, home their locals now. */
|
||||||
|
if (fp->flags & JSFRAME_POP_BLOCKS) {
|
||||||
|
SAVE_SP_AND_PC(fp);
|
||||||
|
ok &= PutBlockObjects(cx, fp);
|
||||||
|
}
|
||||||
|
|
||||||
fp->sp = fp->spbase;
|
fp->sp = fp->spbase;
|
||||||
fp->spbase = NULL;
|
fp->spbase = NULL;
|
||||||
js_FreeRawStack(cx, mark);
|
js_FreeRawStack(cx, mark);
|
||||||
|
|
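Review bot: The comment added in the `interrupt:` hunk says the ordering matches js_Invoke, but the first hunk of this commit removes the PutBlockObjects call from the `out:` path, so a reader following that reference will no longer find block putting next to the hook call there; the reference should be dropped or qualified. The invariant the commit title describes is that PutBlockObjects must run while the stack it relies on is still allocated, yet the comment in the `no_catch:` hunk only says "home their locals now", although `js_FreeRawStack(cx, mark)` follows a few lines later. I would reword it to `/* Home block locals before js_FreeRawStack below releases the stack they are read from. */` so a later reordering does not reintroduce the use of freed stack. Since the call now sits only inside `if (JS_LIKELY(mark != NULL))`, it is also worth confirming that no frame can reach this exit with JSFRAME_POP_BLOCKS set and `mark == NULL`; the code that assigns `mark` and the enclosing function boundaries are outside the visible hunks.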