From e33f70db93cac0bfcceef64a7df72737b3a97c44 Mon Sep 17 00:00:00 2001
From: "sgjesse@chromium.org"
Date: Thu, 18 Dec 2008 09:39:18 +0000
Subject: [PATCH] Fix an issue of a raw pointer being returned after possible allocation.

Review URL: http://codereview.chromium.org/14833

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@995 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/ic.cc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/ic.cc b/src/ic.cc
index 2dc9742..260a0fb 100644
--- a/src/ic.cc
+++ b/src/ic.cc
@@ -355,14 +355,19 @@ Object* CallIC::LoadFunction(State state,
 // If performing debug step into then flood this function with one-shot
 // break points if it is called from where step into was requested.
 if (Debug::StepInActive() && fp() == Debug::step_in_fp()) {
+ // Protect the result in a handle as the debugger can allocate and might
+ // cause GC.
+ HandleScope scope;
+ Handle result_handle(result);
 // Don't allow step into functions in the native context.
 if (JSFunction::cast(result)->context()->global() !=
 Top::context()->builtins()) {
- HandleScope scope;
 Handle shared(JSFunction::cast(result)->shared());
 Debug::FloodWithOneShot(shared);
 }
+ return *result_handle;
 }
+ return result;
 }
-- 
2.7.4
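Review bot: The lifetime contract of the raw `Object*` handed back by both `return *result_handle;` and `return result;` is stated nowhere in the hunk, even though the added handle shows the value is dead after the next allocation, so a caller that allocates before consuming it would reintroduce the bug this patch fixes. Suggest a comment at the definition of `CallIC::LoadFunction`, whose opening lies above the hunk: `// Returns an unhandled Object*; it is only valid until the next allocation, so callers must use it before allocating.` The remaining raw dereferences via `JSFunction::cast(result)` all sit before `Debug::FloodWithOneShot(shared)`, the call the new comment identifies as able to allocate, so they appear safe, but anything that allocates and is later inserted between `Handle result_handle(result);` and that call would have to go through the handle instead. `*result_handle` is evaluated before `scope` is destroyed, so the dereference itself is in order.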