From 9f7d2613036662b94fff4bfb628326ff3586c007 Mon Sep 17 00:00:00 2001
From: David Anderson
Date: Thu, 14 Aug 2008 11:48:43 -0700
Subject: [PATCH] Fixed the known native arg handler from accidentally using 'continue' to break out of a loop one level higher. This was causing crashes when the arg didn't match the expected types (bug 450530).
---
 js/src/jstracer.cpp | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/js/src/jstracer.cpp b/js/src/jstracer.cpp
index f48415a54d3..fbaf6b82128 100644
--- a/js/src/jstracer.cpp
+++ b/js/src/jstracer.cpp
@@ -3568,6 +3568,10 @@ TraceRecorder::record_JSOP_CALL()
 LIns** argp = &args[argc + prefixc - 1];
 char argtype;
+#if defined _DEBUG
+ memset(args, 0xCD, sizeof(args));
+#endif
+
 jsval& thisval = stackval(0 - (argc + 1));
 LIns* thisval_ins = get(&thisval);
 if (known->tclasp &&
@@ -3607,7 +3611,7 @@ TraceRecorder::record_JSOP_CALL()
 #undef HANDLE_PREFIX
 #define HANDLE_ARG(i) \
- JS_BEGIN_MACRO \
+ { \
 jsval& arg = stackval(-(i + 1)); \
 argtype = known->argtypes[i]; \
 if (argtype == 'd' || argtype == 'i') { \
@@ -3632,7 +3636,7 @@ TraceRecorder::record_JSOP_CALL()
 continue; /* might have another specialization for arg */ \
 } \
 argp--; \
- JS_END_MACRO
+ }
 switch (strlen(known->argtypes)) {
 case 4:
@@ -3655,6 +3659,10 @@ TraceRecorder::record_JSOP_CALL()
 #undef HANDLE_ARG
+#if defined _DEBUG
+ JS_ASSERT(args[0] != (LIns *)0xcdcdcdcd);
+#endif
+
 LIns* res_ins = lir->insCall(known->builtin, args);
 switch (known->errtype) {
 case FAIL_NULL:
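Review bot: The poison fill added in the first hunk is guarded by `_DEBUG`, which is the macro MSVC defines for debug builds. If this tree's debug configuration and `JS_ASSERT` are keyed on a different macro (not visible in the patch), the memset and the matching check in the last hunk are compiled out on other toolchains. Guarding both with the macro that enables `JS_ASSERT` would keep the fill and the assertion in step. `sizeof(args)` covers the whole buffer only if `args` is declared as an array in this function; the declaration lies outside the hunk, so that should be confirmed.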
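Review bot: HANDLE_ARG now expands to a bare `{ ... }` block (opening brace in the second hunk, closing brace in the third), and nothing in the macro records why the usual JS_BEGIN_MACRO/JS_END_MACRO wrapper is avoided. Per the commit message, the wrapper captured the `continue`, so a later cleanup that restores it would silently bring back the path that reaches `insCall` with unfilled argument slots. A comment above the `#define` would pin this down, e.g. `/* Bare braces on purpose: 'continue' must bind to the enclosing loop; do not wrap in JS_BEGIN_MACRO/JS_END_MACRO. */`. The call sites are outside these hunks; with a bare block a trailing `;` is an empty statement, which only matters if the macro is ever used under an unbraced if/else.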
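Review bot: The assertion in the last hunk compares `args[0]` with `(LIns *)0xcdcdcdcd`, a 32-bit pattern, while the memset in the first hunk fills every byte of each pointer-sized slot. Where pointers are 64 bits wide, a poisoned slot holds 0xcdcdcdcdcdcdcdcd and the assert can never fire. Only `args[0]` is examined, so an unfilled slot at a higher index still reaches `insCall` unnoticed. Release builds have no guard at all, so this is a diagnostic rather than a defence against the uninitialised-argument crash the commit describes. Building the sentinel from the same fill keeps it width-independent: `LIns* poison; memset(&poison, 0xCD, sizeof(poison));`, then assert `args[k] != poison` for each slot the call consumes.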