commit 94801befa1edb91009a0b26fcce39a10ebfddb9a
author msaboff@apple.com <msaboff@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Wed Jun 20 00:45:06 2018 +0000
committer msaboff@apple.com <msaboff@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Wed Jun 20 00:45:06 2018 +0000
tree 34d9f888da136809a40240703a94aa2b40341b29
parent a64ed01616bf52473779601011d0ddab3c4f5b1c

Crash in sanitizeStackForVMImpl sometimes when switching threads with same VM
https://bugs.webkit.org/show_bug.cgi?id=186827

Reviewed by Saam Barati.

Need to set VM::lastStackTop before any possible calls to sanitizeStack().

* runtime/JSLock.cpp:
(JSC::JSLock::didAcquireLock):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@232998 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/runtime/JSLock.cpp

diff --git a/Source/JavaScriptCore/runtime/JSLock.cpp b/Source/JavaScriptCore/runtime/JSLock.cpp
index 51d1870..abdcdac 100644
--- a/Source/JavaScriptCore/runtime/JSLock.cpp
+++ b/Source/JavaScriptCore/runtime/JSLock.cpp
@@ -134,6 +134,9 @@
     m_entryAtomicStringTable = thread.setCurrentAtomicStringTable(m_vm->atomicStringTable());
     ASSERT(m_entryAtomicStringTable);
 
+    m_vm->setLastStackTop(thread.savedLastStackTop());
+    ASSERT(thread.stack().contains(m_vm->lastStackTop()));
+
     if (m_vm->heap.hasAccess())
         m_shouldReleaseHeapAccess = false;
     else {
@@ -145,9 +148,6 @@
     void* p = &p; // A proxy for the current stack pointer.
     m_vm->setStackPointerAtVMEntry(p);
 
-    m_vm->setLastStackTop(thread.savedLastStackTop());
-    ASSERT(thread.stack().contains(m_vm->lastStackTop()));
-    
     m_vm->heap.machineThreads().addCurrentThread();
 #if ENABLE(WEBASSEMBLY)
     Wasm::startTrackingCurrentThread();