2010-07-15 Geoffrey Garen <ggaren@apple.com>
Reviewed by Maciej Stachowiak.
Crash entering mail.yahoo.com
https://bugs.webkit.org/show_bug.cgi?id=42394
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::argumentNumberFor): Added a NULL check. If the
identifier we're resolving is not a local variable, registerFor returns
NULL.
* bytecompiler/NodesCodegen.cpp:
(JSC::FunctionBodyNode::emitBytecode): Unrelated to the crash, but I
noticed this while working on it: No need to NULL-check returnNode,
since an early return has already done so.
2010-07-15 Geoffrey Garen <ggaren@apple.com>
Reviewed by Maciej Stachowiak.
Test for https://bugs.webkit.org/show_bug.cgi?id=42394
Crash entering mail.yahoo.com
* fast/js/numeric-compare.html: Added.
* fast/js/script-tests/numeric-compare.js: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@63515 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/JavaScriptCore/bytecompiler/NodesCodegen.cpp b/JavaScriptCore/bytecompiler/NodesCodegen.cpp
index 1337ab7..277562d 100644
--- a/JavaScriptCore/bytecompiler/NodesCodegen.cpp
+++ b/JavaScriptCore/bytecompiler/NodesCodegen.cpp
@@ -2036,7 +2036,7 @@
}
// If there is a return statment, and it is the only statement in the function, check if this is a numeric compare.
- if (returnNode && static_cast<BlockNode*>(singleStatement)->singleStatement()) {
+ if (static_cast<BlockNode*>(singleStatement)->singleStatement()) {
ExpressionNode* returnValueExpression = returnNode->value();
if (returnValueExpression && returnValueExpression->isSubtract()) {
ExpressionNode* lhsExpression = static_cast<SubNode*>(returnValueExpression)->lhs();
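Review bot: with `returnNode &&` dropped from the `if` condition, the `returnNode->value()` dereference on the next line depends entirely on an early return that sits above this hunk's context; only its closing `}` is visible here. Consider adding `ASSERT(returnNode);` immediately before the `if`, so the invariant is stated where the dereference happens and a later change to that early return fails in debug builds instead of dereferencing NULL. While this line is being touched, the comment above it could also have "statment" corrected to "statement".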