Bug 885976 - Make ScriptFrameIter::numFrameSlots() a bit more robust. r=luke

2024-10-24 10:45:42 +00:00 · 2013-06-24 18:44:22 +02:00 · 2013-06-24 18:44:22 +02:00 · 356866d0f4
commit 356866d0f4
parent 64a8beb86e
2 changed files with 14 additions and 3 deletions
--- a/js/src/jit-test/tests/asm.js/bug885976.js
+++ b/js/src/jit-test/tests/asm.js/bug885976.js
@ -0,0 +1,12 @@
+// |jit-test| error: TypeError
+function test(stdlib, foreign) {
+    "use asm"
+    var ff = foreign.ff
+    function f(y) {
+        y = +y;
+        ff(0);
+    }
+    return f;
+};
+f = test(this, {ff: Object.preventExtensions});
+f();
--- a/js/src/vm/Stack.cpp
+++ b/js/src/vm/Stack.cpp
@ -1216,9 +1216,8 @@ ScriptFrameIter::numFrameSlots() const
 #endif
      }
      case SCRIPTED:
-        JS_ASSERT(data_.cx_);
-        JS_ASSERT(data_.cx_->interpreterRegs().spForStackDepth(0) == interpFrame()->base());
-        return data_.cx_->interpreterRegs().sp - interpFrame()->base();
+        JS_ASSERT(data_.interpFrames_.sp() >= interpFrame()->base());
+        return data_.interpFrames_.sp() - interpFrame()->base();
    }
    JS_NOT_REACHED("Unexpected state");
    return 0;