Fix PutBlockObjects conditional call to happen before stack it relies on is released (352212, r=mrbkap).

2006-09-12 17:44:58 +00:00 · 2006-09-12 17:44:58 +00:00 · 8eeb36816d
--- a/js/src/jsinterp.c
+++ b/js/src/jsinterp.c
@ -1402,10 +1402,6 @@ out:
            hook(cx, &frame, JS_FALSE, &ok, hookData);
    }

-    /* If frame has block objects on its scope chain, cut them loose. */
-    if (frame.flags & JSFRAME_POP_BLOCKS)
-        ok &= PutBlockObjects(cx, &frame);
-
    /* If frame has a call object, sync values and clear back-pointer. */
    if (frame.callobj)
        ok &= js_PutCallObject(cx, &frame);
@ -2386,6 +2382,18 @@ interrupt:
                JSInlineFrame *ifp = (JSInlineFrame *) fp;
                void *hookData = ifp->hookData;

+                /*
+                 * If fp has blocks on its scope chain, home their locals now,
+                 * before calling any debugger hook, and before freeing stack.
+                 * This matches the order of block putting and hook calling in
+                 * the "out-of-line" return code at the bottom of js_Interpret
+                 * and in js_Invoke.
+                 */
+                if (fp->flags & JSFRAME_POP_BLOCKS) {
+                    SAVE_SP_AND_PC(fp);
+                    ok &= PutBlockObjects(cx, fp);
+                }
+
                if (hookData) {
                    JSInterpreterHook hook = cx->runtime->callHook;
                    if (hook) {
@ -2395,12 +2403,6 @@ interrupt:
                    }
                }

-                /* If fp has blocks on its scope chain, cut them loose. */
-                if (fp->flags & JSFRAME_POP_BLOCKS) {
-                    SAVE_SP_AND_PC(fp);
-                    ok &= PutBlockObjects(cx, fp);
-                }
-
                /*
                 * If fp has a call object, sync values and clear the back-
                 * pointer. This can happen for a lightweight function if it
@ -6327,6 +6329,12 @@ no_catch:;
     * Restore the previous frame's execution state.
     */
    if (JS_LIKELY(mark != NULL)) {
+        /* If fp has blocks on its scope chain, home their locals now. */
+        if (fp->flags & JSFRAME_POP_BLOCKS) {
+            SAVE_SP_AND_PC(fp);
+            ok &= PutBlockObjects(cx, fp);
+        }
+
        fp->sp = fp->spbase;
        fp->spbase = NULL;
        js_FreeRawStack(cx, mark);