Fix an issue of a raw pointer being returned after possible allocation.

author sgjesse@chromium.org <sgjesse@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>

Thu, 18 Dec 2008 09:39:18 +0000 (09:39 +0000)

committer sgjesse@chromium.org <sgjesse@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>

Thu, 18 Dec 2008 09:39:18 +0000 (09:39 +0000)
author sgjesse@chromium.org <sgjesse@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Thu, 18 Dec 2008 09:39:18 +0000 (09:39 +0000)
committer sgjesse@chromium.org <sgjesse@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Thu, 18 Dec 2008 09:39:18 +0000 (09:39 +0000)
diff --git a/src/ic.cc b/src/ic.cc

index 2dc9742a95578fc8495f546aa982d5c97b039aff..260a0fb7af43c1e4c2f1f2b96eacd9d05125f246 100644 (file)
--- a/src/ic.cc
+++ b/src/ic.cc
@@ -355,14 +355,19 @@ Object* CallIC::LoadFunction(State state,
      // If performing debug step into then flood this function with one-shot
      // break points if it is called from where step into was requested.
      if (Debug::StepInActive() && fp() == Debug::step_in_fp()) {
+      // Protect the result in a handle as the debugger can allocate and might
+      // cause GC.
+      HandleScope scope;
+      Handle<Object> result_handle(result);
        // Don't allow step into functions in the native context.
        if (JSFunction::cast(result)->context()->global() !=
            Top::context()->builtins()) {
-        HandleScope scope;
          Handle<SharedFunctionInfo> shared(JSFunction::cast(result)->shared());
          Debug::FloodWithOneShot(shared);
        }
+      return *result_handle;
      }
+
      return result;
    }
author	sgjesse@chromium.org <sgjesse@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
	Thu, 18 Dec 2008 09:39:18 +0000 (09:39 +0000)
committer	sgjesse@chromium.org <sgjesse@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
	Thu, 18 Dec 2008 09:39:18 +0000 (09:39 +0000)