JSC: BindingNode::bindValue doesn't increase the scope's reference count.
author mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 11 Mar 2017 01:38:22 +0000 (01:38 +0000)
committer mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 11 Mar 2017 01:38:22 +0000 (01:38 +0000)
commit 7251ec3d75f769ea5598b4fc3160f3df2f83adac
tree 0f08ca936aaf43856fe115d12bb45b8ad8b3ccc8
parent 72d80156fb479a2051ce838c3156b2040968f1a9
JSC: BindingNode::bindValue doesn't increase the scope's reference count.
https://bugs.webkit.org/show_bug.cgi?id=168546
<rdar://problem/30589551>

Reviewed by Saam Barati.

JSTests:

* stress/regress-168546.js: Added.

Source/JavaScriptCore:

We should protect the scope RegisterID with a RefPtr while it is still needed.

* bytecompiler/NodesCodegen.cpp:
(JSC::ForInNode::emitLoopHeader):
(JSC::ForOfNode::emitBytecode):
(JSC::BindingNode::bindValue):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@213742 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JSTests/ChangeLog
JSTests/stress/regress-168546.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
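
The hazard this commit message describes, as an added C++ model that is not WebKit code: it assumes an allocator that hands a temporary register out again once nothing holds a reference to it. `Reg`, `RegRef` and `Generator` are hypothetical stand-ins for `RegisterID`, `RefPtr<RegisterID>` and the bytecode generator.

```cpp
#include <array>
#include <iostream>
#include <string>

// Hypothetical stand-in for a ref-counted bytecode register.
struct Reg { int refCount = 0; std::string holds; };
// RAII holder playing the role of RefPtr<RegisterID> in this model.
class RegRef {
public:
    explicit RegRef(Reg* r) : m_reg(r) { ++m_reg->refCount; }
    ~RegRef() { --m_reg->refCount; }
    RegRef(const RegRef&) = delete;
    RegRef& operator=(const RegRef&) = delete;
    Reg* operator->() const { return m_reg; }
private:
    Reg* m_reg;
};
// Assumed allocator policy: trailing registers nobody references are reused.
class Generator {
public:
    Reg* newTemporary(const std::string& contents) {
        while (m_used > 0 && m_regs[m_used - 1].refCount == 0)
            --m_used;
        Reg* r = &m_regs[m_used++];
        r->holds = contents;
        return r;
    }
private:
    std::array<Reg, 8> m_regs{};
    unsigned m_used = 0;
};

// Scope register kept only as a raw pointer: the next temporary lands on it.
std::string bindWithRawPointer() {
    Generator gen;
    Reg* scope = gen.newTemporary("scope");
    gen.newTemporary("value"); // evaluating the bound value needs a temporary
    return scope->holds;       // the register no longer holds the scope
}

// Scope register held by a counted reference: the next temporary gets a new slot.
std::string bindWithRef() {
    Generator gen;
    RegRef scope(gen.newTemporary("scope"));
    gen.newTemporary("value");
    return scope->holds;       // still the scope
}

int main() { std::cout << bindWithRawPointer() << " " << bindWithRef() << "\n"; }
```

In the model the raw pointer stays valid while the register's contents change underneath it, which is why this kind of defect produces no failure at code-generation time and only shows up when the emitted code runs.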