From 99c7da4cca86a3b3b67685394dadfe10b0614de8 Mon Sep 17 00:00:00 2001
From: Brian Hackett
Date: Sat, 19 Mar 2011 17:03:18 -0700
Subject: [PATCH] [INFER] Add monitoring for premature returns in JSOP_NAME, bug 642412.
---
 js/src/jsinterp.cpp | 7 +++++++
 js/src/methodjit/StubCalls.cpp | 2 ++
 2 files changed, 9 insertions(+)
diff --git a/js/src/jsinterp.cpp b/js/src/jsinterp.cpp
index 1b7d2cdd8f9..fa97562d87f 100644
--- a/js/src/jsinterp.cpp
+++ b/js/src/jsinterp.cpp
@@ -5009,6 +5009,11 @@ BEGIN_CASE(JSOP_CALLNAME)
         PUSH_COPY(rval);
     }
 
+    if (op == JSOP_NAME || op == JSOP_CALLNAME) {
+        if (!script->typeMonitorResult(cx, regs.pc, regs.sp[-1]))
+            goto error;
+    }
+
     JS_ASSERT(obj->isGlobal() || IsCacheableNonGlobalScope(obj));
     if (op == JSOP_CALLNAME || op == JSOP_CALLGNAME)
         PUSH_IMPLICIT_THIS(cx, obj, regs.sp[-1]);
@@ -5026,6 +5031,8 @@ BEGIN_CASE(JSOP_CALLNAME)
     JSOp op2 = js_GetOpcode(cx, script, regs.pc + JSOP_NAME_LENGTH);
     if (op2 == JSOP_TYPEOF) {
         PUSH_UNDEFINED();
+        if (!script->typeMonitorUndefined(cx, regs.pc))
+            goto error;
         len = JSOP_NAME_LENGTH;
         DO_NEXT_OP(len);
     }
diff --git a/js/src/methodjit/StubCalls.cpp b/js/src/methodjit/StubCalls.cpp
index f166e0b64f2..9ad78e911ff 100644
--- a/js/src/methodjit/StubCalls.cpp
+++ b/js/src/methodjit/StubCalls.cpp
@@ -377,6 +377,8 @@ NameOp(VMFrame &f, JSObject *obj, bool markresult, bool callname)
     if (op2 == JSOP_TYPEOF) {
         f.regs.sp++;
         f.regs.sp[-1].setUndefined();
+        if (!f.script()->typeMonitorUndefined(cx, f.regs.pc))
+            return NULL;
         return obj;
     }
     ReportAtomNotDefined(cx, atom);
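Review bot: The new guard records results only for JSOP_NAME and JSOP_CALLNAME, yet the same handler visibly serves JSOP_CALLGNAME (see the PUSH_IMPLICIT_THIS condition two lines below), and a value that reaches the operand stack without being recorded in the script's type sets is exactly what lets JIT-compiled code specialize on a type it never observed. If global-name results are recorded on another path (a GNAME fast path or the property-cache hit that presumably sits above this hunk), that should be stated at the guard, e.g. `/* GNAME/CALLGNAME results are monitored on the global lookup path; only the scope-chain NAME lookup reaches here unrecorded. */`; if they are not, the condition should cover them too. The opening of this handler, where rval and obj are produced, is above the hunk, so I cannot confirm which applies.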
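Review bot: The added typeMonitorUndefined call carries no comment saying why this early exit needs its own monitoring, and the reason is not obvious from the surrounding lines: when the next opcode is JSOP_TYPEOF the handler pushes undefined and dispatches directly, so the value never reaches whatever result monitoring the ordinary lookup path performs. A one-line comment above the call, `/* typeof on an unresolvable name yields undefined without a lookup; record it so the type set sees this result. */`, would spare the next reader reconstructing that from the commit title. Note that PUSH_UNDEFINED has already advanced regs.sp when goto error is taken; the previous hunk's goto error likewise runs after a push, so this presumably relies on the error path discarding the frame's operand stack, but that path is outside the hunk. The handler continues beyond the hunk.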
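Review bot: The new typeMonitorUndefined call ignores NameOp's `markresult` parameter, whereas the interpreter change gates its typeMonitorResult call on the opcode; since markresult's use lies outside the hunk I cannot tell whether an unconditional record is intended, so either gate it the same way or add a short comment such as `/* Recorded unconditionally: this early return never reaches the regular result monitoring below. */`. Also, f.regs.sp is bumped and written before the failing `return NULL`, so the caller's failure handling must tolerate a stack pointer that already includes the pushed undefined; the interpreter hunk has the same ordering, so this looks deliberate, but a caller that restores sp from a saved value would be worth checking. The rest of NameOp, including where cx and op2 are defined, is outside the hunk.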