Fix JSOP_GETTHISPROP decompile-value-generator bug (431248, r=igor, a=dsicore).

2025-02-03 04:27:41 +00:00 · 2008-04-30 11:33:51 -07:00 · 2008-04-30 11:33:51 -07:00 · 98acc7ec5f
commit 98acc7ec5f
parent 20171b841e
2 changed files with 19 additions and 9 deletions
--- a/js/src/jsinterp.c
+++ b/js/src/jsinterp.c
@ -1156,9 +1156,9 @@ have_fun:
    rootedArgsFlag = JSFRAME_ROOTED_ARGV;
    if (nslots != 0) {
        /*
-         * The extra slots required by the function must be continues with the
-         * arguments. Thus, when the last arena does not have room to fit
-         * nslots right after sp and AllocateAfterSP fails, we have to copy
+         * The extra slots required by the function continue with argument
+         * slots. Thus, when the last stack pool arena does not have room to
+         * fit nslots right after sp and AllocateAfterSP fails, we have to copy
         * [vp..vp+2+argc) slots and clear rootedArgsFlag to root the copy.
         */
        if (!AllocateAfterSP(cx, sp, nslots)) {
--- a/js/src/jsopcode.c
+++ b/js/src/jsopcode.c
@ -1844,6 +1844,22 @@ Decompile(SprintStack *ss, jsbytecode *pc, intN nb, JSOp nextop)
                            op = JSOP_CALL;
                            break;
 #endif
+                          case JSOP_GETTHISPROP:
+                            /*
+                             * NB: JSOP_GETTHISPROP can't fail due to |this|
+                             * being null or undefined at runtime (beware that
+                             * this may change for ES4). Therefore any error
+                             * resulting from this op must be due to the value
+                             * of the property accessed via |this|, so do not
+                             * rewrite op to JSOP_THIS.
+                             *
+                             * The next three cases should not change op if
+                             * js_DecompileValueGenerator was called from the
+                             * the property getter. They should rewrite only
+                             * if the base object in the arg/var/local is null
+                             * or undefined. FIXME: bug 431569.
+                             */
+                            break;
                          case JSOP_GETARGPROP:
                            op = JSOP_GETARG;
                            break;
@ -1854,12 +1870,6 @@ Decompile(SprintStack *ss, jsbytecode *pc, intN nb, JSOp nextop)
                            op = JSOP_GETLOCAL;
                            break;
                          default:
-                            /*
-                             * NB: JSOP_GETTHISPROP can't happen here, as
-                             * there is no way (yet, watch out for proposed
-                             * ES4/JS2 strict mode) for this to be null or
-                             * undefined at runtime.
-                             */
                            LOCAL_ASSERT(0);
                        }
                    }