If a function becomes heavyweight in the middle of an inline call, remember to pop the call object when it returns. bug 325540, r=brendan

2024-10-19 08:15:31 +00:00 · 2006-02-03 01:19:31 +00:00 · 2006-02-03 01:19:31 +00:00 · 6960e8d82b
commit 6960e8d82b
parent e918be96af
1 changed files with 11 additions and 0 deletions
--- a/js/src/jsinterp.c
+++ b/js/src/jsinterp.c
@ -2143,6 +2143,17 @@ interrupt:
                        LOAD_INTERRUPT_HANDLER(rt);
                    }
                }
+
+#if JS_HAS_CALL_OBJECT
+                /*
+                 * If frame has a call object, sync values and clear the back-
+                 * pointer. This can happen for a lightweight function if it
+                 * calls eval unexpectedly (in a way that is hidden from the
+                 * compiler). See bug 325540.
+                 */
+                if (fp->callobj)
+                    ok &= js_PutCallObject(cx, fp);
+#endif
 #if JS_HAS_ARGS_OBJECT
                if (fp->argsobj)
                    ok &= js_PutArgsObject(cx, fp);