From: sgjesse@chromium.org
Date: Thu, 18 Dec 2008 09:39:18 +0000 (+0000)
Subject: Fix an issue of a raw pointer being returned after possible allocation.
X-Git-Tag: upstream/4.7.83~24848
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=e33f70db93cac0bfcceef64a7df72737b3a97c44;p=platform%2Fupstream%2Fv8.git
Fix an issue of a raw pointer being returned after possible allocation.
Review URL: http://codereview.chromium.org/14833
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@995 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
diff --git a/src/ic.cc b/src/ic.cc
index 2dc9742a9..260a0fb7a 100644
--- a/src/ic.cc
+++ b/src/ic.cc
@@ -355,14 +355,19 @@ Object* CallIC::LoadFunction(State state,
 // If performing debug step into then flood this function with one-shot
 // break points if it is called from where step into was requested.
 if (Debug::StepInActive() && fp() == Debug::step_in_fp()) {
+ // Protect the result in a handle as the debugger can allocate and might
+ // cause GC.
+ HandleScope scope;
+ Handle result_handle(result);
 // Don't allow step into functions in the native context.
 if (JSFunction::cast(result)->context()->global() != Top::context()->builtins()) {
- HandleScope scope;
 Handle shared(JSFunction::cast(result)->shared());
 Debug::FloodWithOneShot(shared);
 }
+ return *result_handle;
 }
+ return result;
 }
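Review bot: After `result_handle` is created, the inner condition and the `shared` handle still read the raw `result` pointer (`JSFunction::cast(result)->context()->global()` and `JSFunction::cast(result)->shared()`); that is safe only because nothing between the handle's construction and those reads allocates, which is exactly the invariant this commit is repairing. Reading through the handle instead, `JSFunction::cast(*result_handle)->context()->global()` and `JSFunction::cast(*result_handle)->shared()`, keeps the debugger path GC-safe if a later change inserts an allocating call ahead of the condition. The added comment could also name the call it guards against, e.g. `// Debug::FloodWithOneShot presumably allocates and may trigger GC; read result only via result_handle afterwards.` The enclosing CallIC::LoadFunction starts outside the hunk, so earlier raw-pointer uses of `result` could not be checked here; the template arguments on the two `Handle` declarations also appear to have been lost in rendering rather than in the source.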