[Webkit-unassigned] [Bug 113907] Closure caching causes crash in exception handling
bugzilla-daemon at webkit.org
Wed Apr 3 16:22:57 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=113907
--- Comment #2 from Oliver Hunt <oliver at apple.com> 2013-04-03 16:21:10 PST ---
(In reply to comment #1)
> (In reply to comment #0)
> > This piece of code crashes; as far as I can tell, it appears to be due to CodeBlock::bytecodeOffset(CallFrame, ReturnAddressPtr) returning the bytecodeOffset from a ClosureCallStubRoutine that isn't in the target code block:
> > var value = 0;
> > function f(x) {
> >     var result = 0;
> >     function g(a) {
> >         function throwEventually() {
> >             if (value++ > 10000)
> >                 throw new Error;
> >             return 5;
> >         }
> >         return a * throwEventually();
> >     }
> >     for (var i = 0; i < 3; i++)
> >         i += g(x);
> >     return i;
> > }
> >
> > while (true)
> >     f(5)
>
> What happens if the closure call cache is cleared while one of the closure calls is still on the stack?
>
> Maybe that's what's going on?
Alas, the crash I'm getting isn't in the above test case; I had an incorrect tree in my change.