Skip to site navigation (Press enter)

[webkit-changes] [156046] trunk/Source/JavaScriptCore

msaboff Wed, 18 Sep 2013 10:50:39 -0700

Title: [156046] trunk/Source/_javascript_Core

Revision: 156046
Author: msab...@apple.com
Date: 2013-09-18 09:51:07 -0700 (Wed, 18 Sep 2013)

Log Message

REGRESSION(r155771): js/stack-overflow-arrity-catch.html is crashing on non-Mac platforms
https://bugs.webkit.org/show_bug.cgi?id=121376


Reviewed by Oliver Hunt.

Fix stack grow() call for stack growing down.  This should catch running out of stack space before
we try to move the frame down due to arity mismatch.

* runtime/CommonSlowPaths.h:
(JSC::CommonSlowPaths::arityCheckFor):

Modified Paths

trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/runtime/CommonSlowPaths.h

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (156045 => 156046)


--- trunk/Source/_javascript_Core/ChangeLog	2013-09-18 16:33:18 UTC (rev 156045)
+++ trunk/Source/_javascript_Core/ChangeLog	2013-09-18 16:51:07 UTC (rev 156046)
@@ -1,3 +1,16 @@
+2013-09-17  Michael Saboff  <msab...@apple.com>
+
+        REGRESSION(r155771): js/stack-overflow-arrity-catch.html is crashing on non-Mac platforms
+        https://bugs.webkit.org/show_bug.cgi?id=121376
+
+        Reviewed by Oliver Hunt.
+
+        Fix stack grow() call for stack growing down.  This should catch running out of stack space before
+        we try to move the frame down due to arity mismatch.
+
+        * runtime/CommonSlowPaths.h:
+        (JSC::CommonSlowPaths::arityCheckFor):
+
 2013-09-18  Andreas Kling  <akl...@apple.com>
 
         YARR: Put UCS2 canonicalization tables in read-only memory.

Modified: trunk/Source/_javascript_Core/runtime/CommonSlowPaths.h (156045 => 156046)


--- trunk/Source/_javascript_Core/runtime/CommonSlowPaths.h	2013-09-18 16:33:18 UTC (rev 156045)
+++ trunk/Source/_javascript_Core/runtime/CommonSlowPaths.h	2013-09-18 16:51:07 UTC (rev 156046)
@@ -53,7 +53,7 @@
     int argumentCountIncludingThis = exec->argumentCountIncludingThis();
     
     // This ensures enough space for the worst case scenario of zero arguments passed by the caller.
-    if (!stack->grow(exec->registers() + newCodeBlock->numParameters() + newCodeBlock->m_numCalleeRegisters))
+    if (!stack->grow(exec->registers() - newCodeBlock->numParameters() - newCodeBlock->m_numCalleeRegisters))
         return -1;
     
     ASSERT(argumentCountIncludingThis < newCodeBlock->numParameters());

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes