projects / platform / upstream / v8.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 48584df) | patch
Scoping error caused crash in CallICNexus::StateFromFeedback
authormvstanton <mvstanton@chromium.org>
Wed, 15 Jul 2015 09:14:49 +0000 (02:14 -0700)
committerCommit bot <commit-bot@chromium.org>
Wed, 15 Jul 2015 09:15:05 +0000 (09:15 +0000)
commitae11f20e26f3ab0e3c14d579baa98c5b19a8eb86
tree5cc5cca3601c315beec4bfc20eedcae5cd0729f1tree | snapshot
parent48584df5ed97e2cdec1b4900f783c47adc3a3d32commit | diff
Scoping error caused crash in CallICNexus::StateFromFeedback

A sloppy mode eval call that establishes strict mode will leak that strictness
into the sloppy surrounding scope on recompile. This changes the structure
of the type feedback vector for the function and crashes follow.

The fix is straightforward.

BUG=491536, 503565
LOG=N

Review URL: https://codereview.chromium.org/1231343003

Cr-Commit-Position: refs/heads/master@{#29671}
src/parser.cc diff | blob | history
src/parser.h diff | blob | history
src/preparser.cc diff | blob | history
src/preparser.h diff | blob | history
test/mjsunit/regress/regress-491536.js [new file with mode: 0644] blob
test/mjsunit/regress/regress-503565.js [new file with mode: 0644] blob
test/webkit/class-syntax-extends-expected.txt diff | blob | history
Domain: Web Framework / Web Engine;