Bug 382253: consistent termination of inline functions. r=brendan

2024-09-13 09:24:08 -07:00 · 2007-06-01 20:46:39 -07:00 · 2007-06-01 20:46:39 -07:00 · c030410f7b
commit c030410f7b
parent 75cb2258b9
1 changed files with 6 additions and 6 deletions
--- a/js/src/jsinterp.c
+++ b/js/src/jsinterp.c
@ -3950,7 +3950,7 @@ interrupt:
                if (!JSVAL_IS_OBJECT(vp[1])) {
                    PRIMITIVE_TO_OBJECT(cx, vp[1], obj2);
                    if (!obj2)
-                        goto out;
+                        goto bad_inline_call;
                    vp[1] = OBJECT_TO_JSVAL(obj2);
                }
                newifp->frame.thisp =
@ -3959,10 +3959,8 @@ interrupt:
                                   ? parent
                                   : JSVAL_TO_OBJECT(vp[1]),
                                   newifp->frame.argv);
-                if (!newifp->frame.thisp) {
-                    js_FreeRawStack(cx, newmark);
+                if (!newifp->frame.thisp)
                    goto bad_inline_call;
-                }
 #ifdef DUMP_CALL_TABLE
                LogCall(cx, *vp, argc, vp + 2);
 #endif
@ -3989,8 +3987,7 @@ interrupt:
                /* Scope with a call object parented by the callee's parent. */
                if (JSFUN_HEAVYWEIGHT_TEST(fun->flags) &&
                    !js_GetCallObject(cx, &newifp->frame, parent)) {
-                    ok = JS_FALSE;
-                    goto out;
+                    goto bad_inline_call;
                }

                /* Switch to new version if currentVersion wasn't overridden. */
@ -4015,9 +4012,12 @@ interrupt:
                DO_OP();

              bad_inline_call:
+                RESTORE_SP(fp);
+                JS_ASSERT(fp->pc == pc);
                script = fp->script;
                depth = (jsint) script->depth;
                atoms = script->atomMap.vector;
+                js_FreeRawStack(cx, newmark);
                ok = JS_FALSE;
                goto out;
            }