зеркало из https://github.com/mozilla/gecko-dev.git
Fix PutBlockObjects conditional call to happen before stack it relies on is released (352212, r=mrbkap).
This commit is contained in:
Родитель
df5d67c889
Коммит
8eeb36816d
|
@ -1402,10 +1402,6 @@ out:
|
|||
hook(cx, &frame, JS_FALSE, &ok, hookData);
|
||||
}
|
||||
|
||||
/* If frame has block objects on its scope chain, cut them loose. */
|
||||
if (frame.flags & JSFRAME_POP_BLOCKS)
|
||||
ok &= PutBlockObjects(cx, &frame);
|
||||
|
||||
/* If frame has a call object, sync values and clear back-pointer. */
|
||||
if (frame.callobj)
|
||||
ok &= js_PutCallObject(cx, &frame);
|
||||
|
@ -2386,6 +2382,18 @@ interrupt:
|
|||
JSInlineFrame *ifp = (JSInlineFrame *) fp;
|
||||
void *hookData = ifp->hookData;
|
||||
|
||||
/*
|
||||
* If fp has blocks on its scope chain, home their locals now,
|
||||
* before calling any debugger hook, and before freeing stack.
|
||||
* This matches the order of block putting and hook calling in
|
||||
* the "out-of-line" return code at the bottom of js_Interpret
|
||||
* and in js_Invoke.
|
||||
*/
|
||||
if (fp->flags & JSFRAME_POP_BLOCKS) {
|
||||
SAVE_SP_AND_PC(fp);
|
||||
ok &= PutBlockObjects(cx, fp);
|
||||
}
|
||||
|
||||
if (hookData) {
|
||||
JSInterpreterHook hook = cx->runtime->callHook;
|
||||
if (hook) {
|
||||
|
@ -2395,12 +2403,6 @@ interrupt:
|
|||
}
|
||||
}
|
||||
|
||||
/* If fp has blocks on its scope chain, cut them loose. */
|
||||
if (fp->flags & JSFRAME_POP_BLOCKS) {
|
||||
SAVE_SP_AND_PC(fp);
|
||||
ok &= PutBlockObjects(cx, fp);
|
||||
}
|
||||
|
||||
/*
|
||||
* If fp has a call object, sync values and clear the back-
|
||||
* pointer. This can happen for a lightweight function if it
|
||||
|
@ -6327,6 +6329,12 @@ no_catch:;
|
|||
* Restore the previous frame's execution state.
|
||||
*/
|
||||
if (JS_LIKELY(mark != NULL)) {
|
||||
/* If fp has blocks on its scope chain, home their locals now. */
|
||||
if (fp->flags & JSFRAME_POP_BLOCKS) {
|
||||
SAVE_SP_AND_PC(fp);
|
||||
ok &= PutBlockObjects(cx, fp);
|
||||
}
|
||||
|
||||
fp->sp = fp->spbase;
|
||||
fp->spbase = NULL;
|
||||
js_FreeRawStack(cx, mark);
|
||||
|
|
Загрузка…
Ссылка в новой задаче