wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Backed out changeset fe813debcd79 (bug 1172498) for crashes.

Browse Source 
CLOSED TREE
This commit is contained in:
Ryan VanderMeulen 2015-06-23 16:27:49 -04:00
parent 3323a7a195
commit 2489dbda82
2 changed files with 3 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
js/src/jit-test/tests/ion/bug1172498.js
View File

@ -1,3 +0,0 @@
for(var e=1; e<10000; e++) {
new (function (c) { eval("var y"); });
}

13
js/src/jit/JitFrames.cpp
View File

@ -11,7 +11,6 @@
#include "jsfun.h"
#include "jsobj.h"
#include "jsscript.h"
#include "jsutil.h"
#include "gc/Marking.h"
#include "jit/BaselineDebugModeOSR.h"
@ -1048,11 +1047,9 @@ MarkThisAndArguments(JSTracer* trc, JitFrameLayout* layout)
size_t nargs = layout->numActualArgs();
size_t nformals = 0;
size_t newTargetOffset = 0;
if (CalleeTokenIsFunction(layout->calleeToken())) {
JSFunction* fun = CalleeTokenToFunction(layout->calleeToken());
nformals = fun->nonLazyScript()->argumentsHasVarBinding() ? 0 : fun->nargs();
newTargetOffset = Max(nargs, fun->nargs());
}
Value* argv = layout->argv();
@ -1060,14 +1057,10 @@ MarkThisAndArguments(JSTracer* trc, JitFrameLayout* layout)
// Trace |this|.
TraceRoot(trc, argv, "ion-thisv");
// Trace actual arguments beyond the formals. Note + 1 for thisv.
for (size_t i = nformals + 1; i < nargs + 1; i++)
// Trace actual arguments and newTarget beyond the formals. Note + 1 for thisv.
bool constructing = CalleeTokenIsConstructing(layout->calleeToken());
for (size_t i = nformals + 1; i < nargs + 1 + constructing; i++)
TraceRoot(trc, &argv[i], "ion-argv");
// Always mark the new.target from the frame. It's not in the snapshots.
// +1 to pass |this|
if (CalleeTokenIsConstructing(layout->calleeToken()))
TraceRoot(trc, &argv[1 + newTargetOffset], "ion-newTarget");
}
static void