[Webkit-unassigned] [Bug 150902] Using emitResolveScope & emitGetFromScope with 'this' that is TDZ lead to segfault in DFG
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Nov 4 18:28:47 PST 2015
https://bugs.webkit.org/show_bug.cgi?id=150902
--- Comment #1 from Saam Barati <sbarati at apple.com> ---
Some clarification:
This issue was found for the arrow function implementation where we're going to store "this" in an activation. We load this from the activation, and we end up killing the tdz check which obviously shouldn't happen (while inside a derived constructor).
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20151105/6a2d0775/attachment.html>
More information about the webkit-unassigned
mailing list