wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Reland Bug 582479 - TM: Assertion failure: (&cx->regs->sp[1 - (iargc + 2)].toObject())->isFunction().

Browse Source
This commit is contained in:
Robert Sayre 2010-08-01 09:59:02 -07:00
parent fcd927ce28
commit a72794c86d
1 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
js/src/jstracer.cpp
View File

@ -14905,14 +14905,18 @@ TraceRecorder::record_JSOP_LAMBDA()
* so regs.sp[1 - (iargc + 2)], and not regs.sp[-(iargc + 2)],
* is the callee for this JSOP_CALL.
*/
JSFunction *calleeFun =
GET_FUNCTION_PRIVATE(cx, &cx->regs->sp[1 - (iargc + 2)].toObject());
FastNative fastNative = FUN_FAST_NATIVE(calleeFun);
const Value &cref = cx->regs->sp[1 - (iargc + 2)];
JSObject *callee;
if ((iargc == 1 && fastNative == array_sort) ||
(iargc == 2 && fastNative == str_replace)) {
stack(0, INS_CONSTOBJ(FUN_OBJECT(fun)));
return ARECORD_CONTINUE;
if (IsFunctionObject(cref, &callee)) {
JSFunction *calleeFun = GET_FUNCTION_PRIVATE(cx, callee);
FastNative fastNative = FUN_FAST_NATIVE(calleeFun);
if ((iargc == 1 && fastNative == array_sort) ||
(iargc == 2 && fastNative == str_replace)) {
stack(0, INS_CONSTOBJ(FUN_OBJECT(fun)));
return ARECORD_CONTINUE;
}
}
} else if (op2 == JSOP_NULL) {
pc2 += JSOP_NULL_LENGTH;