2010-07-15  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.

        Crash entering mail.yahoo.com
        https://bugs.webkit.org/show_bug.cgi?id=42394
    
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::argumentNumberFor): Added a NULL check. If the
        identifier we're resolving is not a local variable, registerFor returns
        NULL.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::FunctionBodyNode::emitBytecode): Unrelated to the crash, but I
        noticed this while working on it: No need to NULL-check returnNode,
        since an early return has already done so.
2010-07-15  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.

        Test for https://bugs.webkit.org/show_bug.cgi?id=42394
        Crash entering mail.yahoo.com

        * fast/js/numeric-compare.html: Added.
        * fast/js/script-tests/numeric-compare.js: Added.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@63515 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp b/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
index ff8a9c6..a3fa937 100644
--- a/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
+++ b/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
@@ -2051,7 +2051,10 @@
 int BytecodeGenerator::argumentNumberFor(const Identifier& ident)
 {
     int parameterCount = m_parameters.size(); // includes 'this'
-    int index = registerFor(ident)->index() + RegisterFile::CallFrameHeaderSize + parameterCount;
+    RegisterID* registerID = registerFor(ident);
+    if (!registerID)
+        return 0;
+    int index = registerID->index() + RegisterFile::CallFrameHeaderSize + parameterCount;
     return (index > 0 && index < parameterCount) ? index : 0;
 }
 
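Review bot: The new early `return 0` in argumentNumberFor uses the same value as the existing out-of-range result on the final `return`, so 0 now stands for two different "no argument" cases and neither is documented. A comment above the function would make the contract explicit for callers, for example `// Returns the argument index for ident, or 0 if ident is not a local register or does not name a parameter.` The commit message says registerFor returns NULL for any identifier that is not a local variable. Other call sites that dereference its result directly are not visible in this hunk and are worth auditing for the same null dereference, since the identifier presumably originates from the script being compiled.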
diff --git a/JavaScriptCore/bytecompiler/NodesCodegen.cpp b/JavaScriptCore/bytecompiler/NodesCodegen.cpp
index 1337ab7..277562d 100644
--- a/JavaScriptCore/bytecompiler/NodesCodegen.cpp
+++ b/JavaScriptCore/bytecompiler/NodesCodegen.cpp
@@ -2036,7 +2036,7 @@
     }
 
     // If there is a return statment, and it is the only statement in the function, check if this is a numeric compare.
-    if (returnNode && static_cast<BlockNode*>(singleStatement)->singleStatement()) {
+    if (static_cast<BlockNode*>(singleStatement)->singleStatement()) {
         ExpressionNode* returnValueExpression = returnNode->value();
         if (returnValueExpression && returnValueExpression->isSubtract()) {
             ExpressionNode* lhsExpression = static_cast<SubNode*>(returnValueExpression)->lhs();
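Review bot: With the `returnNode &&` test removed, `returnNode->value()` on the next line depends entirely on an early return that lies above this hunk and is not visible here. Stating that invariant at the point of use would guard against a later change to the early-return path reintroducing a null dereference: `ASSERT(returnNode);` immediately before the `if`. The `static_cast<BlockNode*>(singleStatement)` in the same condition is also an unchecked downcast, and whatever establishes the node type is likewise outside the hunk. The enclosing function starts and ends outside the hunk.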