[Webkit-unassigned] [Bug 118498] ASSERTION FAILED: callFrame == vm->topCallFrame || callFrame == callFrame->lexicalGlobalObject()->globalExec() || callFrame == callFrame->dynamicGlobalObject()->globalExec() in JSC::Interpreter::addStackTraceIfNecessary

bugzilla-daemon at webkit.org
Wed Jul 10 11:46:28 PDT 2013


Chris <chris_curtis at apple.com> changed:

           What    |Removed                     |Added
 Attachment #206402|                            |review?
               Flag|                            |

--- Comment #3 from Chris <chris_curtis at apple.com>  2013-07-10 11:48:29 PST ---
Created an attachment (id=206402)
 --> (https://bugs.webkit.org/attachment.cgi?id=206402&action=review)
Modified throwExceptionFromOpCall to take in a function pointer.

ThrowExceptionFromOpCall maintains the topCallFrame for the error throw. In the cases where the Error needs to be created, it was being passed exec->callerFrame(), but the topCallFrame was not being adjusted. When it was time to get the stack, the assert check saw that the topCallFrame was still pointed at exec, not exec->callerFrame(), and caused the crash. By waiting to create the error until after the maintenance of topCallFrame, the topCallFrames match.

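The ordering problem described in the comment above, as an added example that is not part of the original mail and is not JavaScriptCore code. It is a simplified model: every type and function name in it is hypothetical, and it assumes the "maintenance" step sets topCallFrame to the caller's frame, with a boolean standing in for the failing ASSERT.

```cpp
// Simplified model of the bug; all names are hypothetical, not JSC's.
struct CallFrame { CallFrame* caller; };
struct VM { CallFrame* topCallFrame; };

struct Error {
    // Stands in for the ASSERT in addStackTraceIfNecessary:
    // true when the frame used for the stack trace was the VM's top frame.
    bool stackInvariantHeld;
};

// Creating an error captures a stack trace starting at `frame`. The capture
// is only consistent when `frame` is what the VM currently records as top.
Error createError(VM& vm, CallFrame* frame) {
    return Error{ frame == vm.topCallFrame };
}

using ErrorFactory = Error (*)(VM&, CallFrame*);

// Before: the error is built against exec->caller while vm.topCallFrame
// still points at exec, and only afterwards is topCallFrame adjusted.
Error throwEager(VM& vm, CallFrame* exec) {
    Error error = createError(vm, exec->caller); // topCallFrame == exec here
    vm.topCallFrame = exec->caller;              // maintenance comes too late
    return error;
}

// After: the thrower receives a function pointer and invokes it only once
// topCallFrame has been adjusted, so both frames agree at capture time.
Error throwDeferred(VM& vm, CallFrame* exec, ErrorFactory makeError) {
    vm.topCallFrame = exec->caller;
    return makeError(vm, exec->caller);
}

// Constructed two-frame stack: `exec` is the callee, `caller` its caller.
bool eagerHoldsInvariant() {
    CallFrame caller{nullptr};
    CallFrame exec{&caller};
    VM vm{&exec};
    return throwEager(vm, &exec).stackInvariantHeld;
}

bool deferredHoldsInvariant() {
    CallFrame caller{nullptr};
    CallFrame exec{&caller};
    VM vm{&exec};
    return throwDeferred(vm, &exec, createError).stackInvariantHeld;
}
```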