JSC ASSERT Opening the Web Inspector
author: fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 4 Oct 2011 01:37:19 +0000 (01:37 +0000)
committer: fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 4 Oct 2011 01:37:19 +0000 (01:37 +0000)
https://bugs.webkit.org/show_bug.cgi?id=69293

Reviewed by Oliver Hunt.

If a polymorphic access structure list has a duplicated structure, then
don't crash.

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@96564 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

index c1680b2..8792e11 100644 (file)
@@ -1,3 +1,16 @@
+2011-10-03  Filip Pizlo  <fpizlo@apple.com>
+
+        JSC ASSERT Opening the Web Inspector
+        https://bugs.webkit.org/show_bug.cgi?id=69293
+
+        Reviewed by Oliver Hunt.
+        
+        If a polymorphic access structure list has a duplicated structure, then
+        don't crash.
+
+        * dfg/DFGByteCodeParser.cpp:
+        (JSC::DFG::ByteCodeParser::parseBlock):
+
 2011-10-03  Gavin Barraclough  <barraclough@apple.com>
 
         On X86, switch bucketCount into a register, timeoutCheck into memory
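Review bot: the ChangeLog entry states the outcome ("don't crash") but not the change itself or its cause; under the `(JSC::DFG::ByteCodeParser::parseBlock):` line, say that a structure already present in `structureSet` is now skipped when walking the polymorphic access list, and note why the list can contain the same structure twice, since that is what a later reader will want to know. Also, the entry's blank line after "Reviewed by Oliver Hunt." carries trailing whitespace, which the ChangeLog does not use elsewhere.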
index d742cde..d36bf5d 100644 (file)
@@ -1191,6 +1191,9 @@ bool ByteCodeParser::parseBlock(unsigned limit)
                         }
                         
                         Structure* structure = list->list[i].base.get();
+                        if (structureSet.contains(structure))
+                            continue;
+                        
                         size_t myOffset = structure->get(*m_globalData, identifier);
                     
                         if (myOffset == notFound) {
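Review bot: the added `if (structureSet.contains(structure)) continue;` silences the duplicate without saying why a polymorphic access list can hold the same `Structure*` twice or whether that is expected; add a comment above the check stating the reason, because as written it reads as a workaround that may mask a problem in how the list is built. Placing the `continue` before `structure->get(*m_globalData, identifier)` is fine, since `myOffset` is derived from `structure` alone and so cannot differ between the two entries, but the second entry's other fields are not compared either, so the comment should also say that only the structure matters here.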