Fixed the known native arg handler from accidentally using 'continue' to break out of a loop one level higher. This was causing crashes when the arg didn't match the expected types (bug 450530).

2024-09-13 09:24:08 -07:00 · 2008-08-14 11:48:43 -07:00 · 2008-08-14 11:48:43 -07:00 · 9f7d261303
commit 9f7d261303
parent d0056d1820
1 changed files with 10 additions and 2 deletions
--- a/js/src/jstracer.cpp
+++ b/js/src/jstracer.cpp
@ -3568,6 +3568,10 @@ TraceRecorder::record_JSOP_CALL()
        LIns** argp = &args[argc + prefixc - 1];
        char argtype;

+#if defined _DEBUG
+        memset(args, 0xCD, sizeof(args));	
+#endif
+
        jsval& thisval = stackval(0 - (argc + 1));
        LIns* thisval_ins = get(&thisval);
        if (known->tclasp &&
@ -3607,7 +3611,7 @@ TraceRecorder::record_JSOP_CALL()
 #undef HANDLE_PREFIX

 #define HANDLE_ARG(i)                                                          \
-    JS_BEGIN_MACRO                                                             \
+    {                                                                          \
        jsval& arg = stackval(-(i + 1));                                       \
        argtype = known->argtypes[i];                                          \
        if (argtype == 'd' || argtype == 'i') {                                \
@ -3632,7 +3636,7 @@ TraceRecorder::record_JSOP_CALL()
            continue;     /* might have another specialization for arg */      \
        }                                                                      \
        argp--;                                                                \
-    JS_END_MACRO
+    }

        switch (strlen(known->argtypes)) {
          case 4:
@ -3655,6 +3659,10 @@ TraceRecorder::record_JSOP_CALL()

 #undef HANDLE_ARG

+#if defined _DEBUG
+        JS_ASSERT(args[0] != (LIns *)0xcdcdcdcd);
+#endif
+
        LIns* res_ins = lir->insCall(known->builtin, args);
        switch (known->errtype) {
          case FAIL_NULL: