From 4d1fc444faebae02ae8da71dd7717916fc16e22a Mon Sep 17 00:00:00 2001
From: Nick Fitzgerald
Date: Tue, 23 Jul 2013 10:10:43 -0700
Subject: [PATCH] Bug 895774 - Fix ScriptFrameIter::computeThis with multiple compartments and contexts; r=jandem
---
 js/src/jit-test/tests/basic/testBug895774.js | 14 ++++++++++++++
 js/src/jsdbgapi.cpp | 2 +-
 js/src/vm/Debugger.cpp | 4 ++--
 js/src/vm/Stack.cpp | 6 +++---
 js/src/vm/Stack.h | 2 +-
 5 files changed, 21 insertions(+), 7 deletions(-)
 create mode 100644 js/src/jit-test/tests/basic/testBug895774.js
diff --git a/js/src/jit-test/tests/basic/testBug895774.js b/js/src/jit-test/tests/basic/testBug895774.js
new file mode 100644
index 00000000000..872e3e42c9d
--- /dev/null
+++ b/js/src/jit-test/tests/basic/testBug895774.js
@@ -0,0 +1,14 @@
+var g1 = newGlobal();
+var g2 = newGlobal();
+g1.eval("function f1() { debugger; evaluate('debugger', {newContext:true}) }");
+g2.eval("function f2() { f1(); assertEq(Number(this), 42) }");
+g2.f1 = g1.f1;
+
+var dbg = new Debugger(g1,g2);
+dbg.onDebuggerStatement = function(frame) {
+ var target = frame.older;
+ dbg.onDebuggerStatement = function(frame) {
+ assertEq(Number(target.this.unsafeDereference()), 42);
+ }
+}
+g2.f2.call(42);
diff --git a/js/src/jsdbgapi.cpp b/js/src/jsdbgapi.cpp
index 72a3c8af6c0..39ebeaa63c3 100644
--- a/js/src/jsdbgapi.cpp
+++ b/js/src/jsdbgapi.cpp
@@ -1061,7 +1061,7 @@ FormatFrame(JSContext *cx, const NonBuiltinScriptFrameIter &iter, char *buf, int
 RootedValue thisVal(cx);
 AutoPropertyDescArray thisProps(cx);
- if (iter.computeThis()) {
+ if (iter.computeThis(cx)) {
 thisVal = iter.thisv();
 if (showThisProps && !thisVal.isPrimitive())
 thisProps.fetch(&thisVal.toObject());
diff --git a/js/src/vm/Debugger.cpp b/js/src/vm/Debugger.cpp
index 2daed0e2273..70e089d14a0 100644
--- a/js/src/vm/Debugger.cpp
+++ b/js/src/vm/Debugger.cpp
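Review bot: The test carries no comment saying what it regresses, and the two things that make it interesting — `f1` is installed on `g2` so the two frames live in different compartments, and the nested `evaluate('debugger', {newContext:true})` fires the second `onDebuggerStatement` on a different JSContext — are only recoverable from the bug number and the Stack.cpp hunk. A header comment along the lines of `// Bug 895774: Debugger.Frame.prototype.this on a frame from another compartment must use the current context, not the one the frame iterator was created with.` would keep the intent with the file. The inner handler's `frame` parameter also shadows the outer one and is unused; naming it `_` or dropping it makes clear that only the captured `target` frame is examined.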
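Review bot: `computeThis(cx)` now asserts (see the Stack.cpp hunk) that `cx` is entered into the compartment of `iter.scopeChain()`, yet nothing in this hunk enters that compartment before the call, unlike the `DebuggerFrame_getThis` site in Debugger.cpp which is wrapped in `AutoCompartment ac(cx, iter.scopeChain())`. If FormatFrame can be reached for a frame whose global differs from the one `cx` is currently in — a backtrace over frames from several globals, for instance — debug builds will trip the new assertion and release builds will compute `this` under the wrong compartment without complaint. Unless an `AutoCompartment` already exists above the hunk, add `AutoCompartment ac(cx, iter.scopeChain());` immediately before `if (iter.computeThis(cx)) {`. The same question applies to the `DebuggerGenericEval` hunk in Debugger.cpp (line 4220), where no compartment entry is visible either. FormatFrame's body continues outside the hunk.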
@@ -3820,7 +3820,7 @@ DebuggerFrame_getThis(JSContext *cx, unsigned argc, Value *vp)
 RootedValue thisv(cx);
 {
 AutoCompartment ac(cx, iter.scopeChain());
- if (!iter.computeThis())
+ if (!iter.computeThis(cx))
 return false;
 thisv = iter.thisv();
 }
@@ -4220,7 +4220,7 @@ DebuggerGenericEval(JSContext *cx, const char *fullMethodName, const Value &code
 Rooted env(cx);
 if (iter) {
 /* ExecuteInEnv requires 'fp' to have a computed 'this" value. */
- if (!iter->computeThis())
+ if (!iter->computeThis(cx))
 return false;
 thisv = iter->thisv();
 env = GetDebugScopeForFrame(cx, iter->abstractFramePtr());
diff --git a/js/src/vm/Stack.cpp b/js/src/vm/Stack.cpp
index 4a36d503441..dd65a048fbb 100644
--- a/js/src/vm/Stack.cpp
+++ b/js/src/vm/Stack.cpp
@@ -1099,12 +1099,12 @@ ScriptFrameIter::argsObj() const
 }

 bool
-ScriptFrameIter::computeThis() const
+ScriptFrameIter::computeThis(JSContext *cx) const
 {
 JS_ASSERT(!done());
 if (!isIon()) {
- JS_ASSERT(data_.cx_);
- return ComputeThis(data_.cx_, abstractFramePtr());
+ assertSameCompartment(cx, scopeChain());
+ return ComputeThis(cx, abstractFramePtr());
 }
 return true;
 }
diff --git a/js/src/vm/Stack.h b/js/src/vm/Stack.h
index 0d30d0f02f0..ebbf73846dc 100644
--- a/js/src/vm/Stack.h
+++ b/js/src/vm/Stack.h
@@ -1519,7 +1519,7 @@ class ScriptFrameIter
 ArgumentsObject &argsObj() const;
 // Ensure that thisv is correct, see ComputeThis.
- bool computeThis() const;
+ bool computeThis(JSContext *cx) const;
 Value thisv() const;
 Value returnValue() const;
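Review bot: The new precondition of `ScriptFrameIter::computeThis` — the caller supplies a `cx` that is the current context and is already entered into `scopeChain()`'s compartment — is enforced only by `assertSameCompartment`, a debug-build check, and is not written down: the Stack.h declaration still carries the old one-liner. Extend that comment to `// Ensure that thisv is correct, see ComputeThis. |cx| must be entered into scopeChain()'s compartment (wrap the call in AutoCompartment); callers relying on the iterator's own context no longer work.` so the release-build behaviour on a mismatched `cx` is at least documented rather than discovered. The Ion branch returns `true` without touching `cx` or the frame, presumably because Ion frames already carry a computed `this`; a one-line comment on that `return true;` stating the assumption would help the next reader. The Stack.h hunk appears to be cut off after `Value returnValue() const;`, so its tail was not reviewed.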