projects / platform / upstream / v8.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c71cf78)
Fix heap corruption and memory leakage in inspection of optimized frames.
authorsgjesse@chromium.org <sgjesse@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Mon, 11 Jul 2011 09:35:18 +0000 (09:35 +0000)
committersgjesse@chromium.org <sgjesse@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Mon, 11 Jul 2011 09:35:18 +0000 (09:35 +0000)
R=ricow@chromium.org

BUG=none
TEST=test/mjsunit/debug-evaluate-arguments.js

Review URL: http://codereview.chromium.org//7334005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8590 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/deoptimizer.cc patch | blob | history

diff --git a/src/deoptimizer.cc b/src/deoptimizer.cc
index e0651c7..175ee6e 100644 (file)
--- a/src/deoptimizer.cc
+++ b/src/deoptimizer.cc
@@ -1445,7 +1445,7 @@ DeoptimizedFrameInfo::DeoptimizedFrameInfo(
   SetFunction(output_frame->GetFunction());
   expression_count_ = output_frame->GetExpressionCount(deoptimizer);
   parameters_count_ = output_frame->ComputeParametersCount();
-  parameters_ = new Object*[expression_count_];
+  parameters_ = new Object*[parameters_count_];
   for (int i = 0; i < parameters_count_; i++) {
     SetParameter(i, output_frame->GetParameter(deoptimizer, i));
   }
@@ -1457,7 +1457,8 @@ DeoptimizedFrameInfo::DeoptimizedFrameInfo(
 
 
 DeoptimizedFrameInfo::~DeoptimizedFrameInfo() {
-  delete expression_stack_;
+  delete[] expression_stack_;
+  delete[] parameters_;
 }
 
 void DeoptimizedFrameInfo::Iterate(ObjectVisitor* v) {
Domain: Web Framework / Web Engine;