2008-06-23 Cameron Zwarich <cwzwarich@uwaterloo.ca>
author cwzwarich@webkit.org <cwzwarich@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 24 Jun 2008 00:19:25 +0000 (00:19 +0000)
committer cwzwarich@webkit.org <cwzwarich@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 24 Jun 2008 00:19:25 +0000 (00:19 +0000)
commit e7f19cdfe6d90a1aa01feb88c08f7cff23ee9209
tree b46829bc0a2e23b9adafb510d1174f5a475e071c
parent 68e2d1496b32a4eca7443772d98b8f106ec48a99
2008-06-23  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Oliver.

        Bug 19716: REGRESSION (SquirrelFish): Reproducible crash after entering a username at mint.com
        <https://bugs.webkit.org/show_bug.cgi?id=19716>

        When unwinding callframes for exceptions, check whether the callframe
        was created by a reentrant native call to JavaScript after tearing off
        the local variables instead of before.

        JavaScriptCore:

        * VM/Machine.cpp:
        (KJS::Machine::unwindCallFrame):

        LayoutTests:

        * fast/js/reentrant-call-unwind-expected.txt: Added.
        * fast/js/reentrant-call-unwind.html: Added.
        * fast/js/resources/reentrant-call-unwind.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@34751 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JavaScriptCore/ChangeLog
JavaScriptCore/VM/Machine.cpp
LayoutTests/ChangeLog
LayoutTests/fast/js/reentrant-call-unwind-expected.txt [new file with mode: 0644]
LayoutTests/fast/js/reentrant-call-unwind.html [new file with mode: 0644]
LayoutTests/fast/js/resources/reentrant-call-unwind.js [new file with mode: 0644]