[Webkit-unassigned] [Bug 118498] ASSERTION FAILED: callFrame == vm->topCallFrame || callFrame == callFrame->lexicalGlobalObject()->globalExec() || callFrame == callFrame->dynamicGlobalObject()->globalExec() in JSC::Interpreter::addStackTraceIfNecessary
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Jul 10 11:46:28 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=118498
Chris <chris_curtis at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #206402| |review?
Flag| |
--- Comment #3 from Chris <chris_curtis at apple.com> 2013-07-10 11:48:29 PST ---
Created an attachment (id=206402)
--> (https://bugs.webkit.org/attachment.cgi?id=206402&action=review)
Modified throwExceptionFromOpCall to take in a function pointer.
ThrowExceptionFromOpCall maintains the topCallFrame for the error throw. In the cases where the Error needs to be created it was being passed exec->callerFrame(), but the topCallFrame was not being adjusted. When it was time to get the stack, the assert check saw that the topCallFrame was still pointed at exec not exec->callerFrame() and caused the crash. By waiting to create the error until after the maintenance of topCallFrame, the topCallFrames match.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list