Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-23 21:01:08 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1851135: Fix magic value check r=mgaudet

Browse Source 
Differential Revision: https://phabricator.services.mozilla.com/D187299
This commit is contained in:
Iain Ireland 2023-09-06 18:22:43 +00:00
parent 8af2b78975
commit 507c198333
2 changed files with 19 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
js/src/jit-test/tests/debug/bug1851135.js Normal file
View File

@ -0,0 +1,13 @@
// |jit-test| --fast-warmup; --no-threads
function foo() {
let x = {};
for (let i = 0; i < 100; i++) {
for (let j = 0; j < 100; j++) {}
}
const g = this.newGlobal({sameZoneAs: this});
const dbg = g.Debugger(this);
dbg.getNewestFrame().eval("x = foo;");
}
foo();

9
js/src/vm/EnvironmentObject.cpp
View File

@ -1705,15 +1705,18 @@ class DebugEnvironmentProxyHandler : public BaseProxyHandler {
AbstractFramePtr frame = maybeLiveEnv->frame();
uint32_t local = loc.slot();
MOZ_ASSERT(local < frame.script()->nfixed());
Value& localVal = frame.unaliasedLocal(local);
if (action == GET) {
vp.set(frame.unaliasedLocal(local));
vp.set(localVal);
} else {
if (frame.unaliasedLocal(local).isMagic(JS_UNINITIALIZED_LEXICAL)) {
// Note: localVal could also be JS_OPTIMIZED_OUT.
if (localVal.isMagic() &&
localVal.whyMagic() == JS_UNINITIALIZED_LEXICAL) {
ReportRuntimeLexicalError(cx, JSMSG_UNINITIALIZED_LEXICAL, id);
return false;
}
frame.unaliasedLocal(local) = vp;
localVal = vp;
}
} else if (AbstractGeneratorObject* genObj =
GetGeneratorObjectForEnvironment(cx, debugEnv);